diff --git a/autogen/main/README.md b/autogen/main/README.md index 222bd22e1..071e7626d 100644 --- a/autogen/main/README.md +++ b/autogen/main/README.md @@ -85,7 +85,6 @@ module "gke" { {% if private_cluster %} enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" {% endif %} {% if beta_cluster and autopilot_cluster != true %} istio = true diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl index ef4844a02..cc4a14817 100644 --- a/autogen/main/main.tf.tmpl +++ b/autogen/main/main.tf.tmpl @@ -146,7 +146,7 @@ locals { {% if private_cluster %} cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block {% else %} cluster_endpoint = google_container_cluster.primary.endpoint cluster_endpoint_for_nodes = "${google_container_cluster.primary.endpoint}/32" diff --git a/autogen/main/outputs.tf.tmpl b/autogen/main/outputs.tf.tmpl index aacaebddb..86ae7d621 100644 --- a/autogen/main/outputs.tf.tmpl +++ b/autogen/main/outputs.tf.tmpl 
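Review bot: The new `cluster_endpoint_for_nodes` in the `{% if private_cluster %}` branch of `locals` indexes `private_cluster_config[0]` unconditionally, while `cluster_endpoint` and `cluster_peering_name` directly above it first test `var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0`. If that list can be empty, as the existing guards suggest, the index raises an error; reusing the guard or writing `try(google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block, null)` would keep the three locals consistent. The same unguarded index appears in the `locals` hunks of the five `modules/*/main.tf` files and in every `master_ipv4_cidr_block` output changed in this diff. Separately, with the default now `null` the range is whatever the provider reports after creation, so consumers of this local (not visible here; the non-private branch builds a `/32` CIDR under the same name) should be checked for an empty or not-yet-known value before it is used as a network range. The `locals` block starts and ends outside the hunk.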
@@ -207,7 +207,7 @@ output "mesh_certificates_config" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block } output "peering_name" { diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index e133923c5..704915adf 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -495,12 +495,8 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." - {% if autopilot_cluster == true%} + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." default = null - {% else %} - default = "10.0.0.0/28" - {% endif %} } variable "private_endpoint_subnetwork" { diff --git a/docs/upgrading_to_v35.0.md b/docs/upgrading_to_v35.0.md index bd55288bb..704c5bc5d 100644 --- a/docs/upgrading_to_v35.0.md +++ b/docs/upgrading_to_v35.0.md @@ -50,3 +50,18 @@ To avoid this, it is possible to edit the remote state of the `random_id` resour 1. Bump the serial number at the top 2. Push the modified state to the remote `terraform state push default.tfstate` 3. Confirm the `random_id` resource(s) no longer changes (or the corresponding `nodepool`) in a `terraform plan` + +### master_ipv4_cidr_block default value +The default value for `master_ipv4_cidr_block` on private standard clusters has been changed from `"10.0.0.0/28"` to `null`. To maintain the previous default behavior, set `master_ipv4_cidr_block` to `"10.0.0.0/28"`. + +``` + module "gke" { + source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" + version = "~> 35.0" + + project_id = var.project_id + name = var.cluster_name + ++ master_ipv4_cidr_block = "10.0.0.0/28" + } +``` 
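Review bot: `master_ipv4_cidr_block` in `variables.tf.tmpl` is declared with no `validation` block, so a malformed value is presumably rejected only by the API during apply. Now that the default is `null`, every caller who wants a fixed control-plane range must type it by hand, which makes a plan-time format check worth adding. The block below accepts `null` or a parseable IPv4 CIDR; if the /28 size of the old default is a hard requirement (not shown in this diff), the condition could pin the prefix length as well. The same variable is changed in the `variables.tf` hunks of the five modules and would take the same block.

```hcl
variable "master_ipv4_cidr_block" {
  # … unchanged: type, description, default = null …

  validation {
    condition     = var.master_ipv4_cidr_block == null || can(cidrnetmask(var.master_ipv4_cidr_block))
    error_message = "The master_ipv4_cidr_block value must be null or a valid IPv4 CIDR range."
  }
}
```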
diff --git a/examples/simple_regional_private/main.tf b/examples/simple_regional_private/main.tf index 3483a1ec8..0f703bfaf 100644 --- a/examples/simple_regional_private/main.tf +++ b/examples/simple_regional_private/main.tf @@ -49,7 +49,6 @@ module "gke" { enable_private_endpoint = true enable_private_nodes = true enable_secret_manager_addon = true - master_ipv4_cidr_block = "172.16.0.0/28" default_max_pods_per_node = 20 remove_default_node_pool = true deletion_protection = false diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index a875dfbfd..9f87acf18 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md @@ -53,7 +53,6 @@ module "gke" { filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" dns_cache = false } 
@@ -129,7 +128,7 @@ Then perform the following commands on the root folder: | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | -| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `null` | no | +| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | | monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER\_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET, KUBELET, CADVISOR and DCGM. In beta provider, WORKLOADS is supported on top of those 12 values. (WORKLOADS is deprecated and removed in GKE 1.24.) KUBELET and CADVISOR are only supported in GKE 1.29.3-gke.1093000 and above. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | diff --git a/modules/beta-autopilot-private-cluster/main.tf b/modules/beta-autopilot-private-cluster/main.tf index b4a08b336..e2bd8547a 100644 --- a/modules/beta-autopilot-private-cluster/main.tf +++ b/modules/beta-autopilot-private-cluster/main.tf 
@@ -79,7 +79,7 @@ locals { cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block cluster_output_master_auth = concat(google_container_cluster.primary[*].master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version diff --git a/modules/beta-autopilot-private-cluster/outputs.tf b/modules/beta-autopilot-private-cluster/outputs.tf index aa72f4346..d3e170f08 100644 --- a/modules/beta-autopilot-private-cluster/outputs.tf +++ b/modules/beta-autopilot-private-cluster/outputs.tf @@ -165,7 +165,7 @@ output "tpu_ipv4_cidr_block" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block } output "peering_name" { diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index 628b1e89c..813d42b71 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf 
@@ -279,7 +279,7 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." default = null } diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 5d97be4c6..1d0db5124 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -77,7 +77,6 @@ module "gke" { filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" istio = true cloudrun = true dns_cache = false 
@@ -251,7 +250,7 @@ Then perform the following commands on the root folder: | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | -| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `"10.0.0.0/28"` | no | +| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `null` | no | | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no | diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf index 5f0e25240..c573681b7 100644 --- a/modules/beta-private-cluster-update-variant/main.tf +++ b/modules/beta-private-cluster-update-variant/main.tf 
@@ -123,7 +123,7 @@ locals { cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block cluster_output_master_auth = concat(google_container_cluster.primary[*].master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version diff --git a/modules/beta-private-cluster-update-variant/outputs.tf b/modules/beta-private-cluster-update-variant/outputs.tf index 47b662f8a..78116b90a 100644 --- a/modules/beta-private-cluster-update-variant/outputs.tf +++ b/modules/beta-private-cluster-update-variant/outputs.tf @@ -192,7 +192,7 @@ output "mesh_certificates_config" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block } output "peering_name" { diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index eb66aa847..8c2e2de46 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf 
@@ -480,8 +480,8 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." - default = "10.0.0.0/28" + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." + default = null } variable "private_endpoint_subnetwork" { diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 1077d7fc8..6d7d6a242 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -55,7 +55,6 @@ module "gke" { filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" istio = true cloudrun = true dns_cache = false 
@@ -229,7 +228,7 @@ Then perform the following commands on the root folder: | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | -| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `"10.0.0.0/28"` | no | +| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `null` | no | | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no | diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index 5f0e25240..c573681b7 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf 
@@ -123,7 +123,7 @@ locals { cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block cluster_output_master_auth = concat(google_container_cluster.primary[*].master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version diff --git a/modules/beta-private-cluster/outputs.tf b/modules/beta-private-cluster/outputs.tf index 47b662f8a..78116b90a 100644 --- a/modules/beta-private-cluster/outputs.tf +++ b/modules/beta-private-cluster/outputs.tf @@ -192,7 +192,7 @@ output "mesh_certificates_config" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block } output "peering_name" { diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index eb66aa847..8c2e2de46 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf 
@@ -480,8 +480,8 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." - default = "10.0.0.0/28" + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." + default = null } variable "private_endpoint_subnetwork" { diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 4339bacbb..d83c076f4 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -77,7 +77,6 @@ module "gke" { filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" dns_cache = false node_pools = [ 
@@ -239,7 +238,7 @@ Then perform the following commands on the root folder: | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | -| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `"10.0.0.0/28"` | no | +| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `null` | no | | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no | diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf index 44ec74167..dac248be8 100644 --- a/modules/private-cluster-update-variant/main.tf +++ b/modules/private-cluster-update-variant/main.tf 
@@ -111,7 +111,7 @@ locals { cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block cluster_output_master_auth = concat(google_container_cluster.primary[*].master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version diff --git a/modules/private-cluster-update-variant/outputs.tf b/modules/private-cluster-update-variant/outputs.tf index acb3c9da4..48f8afb79 100644 --- a/modules/private-cluster-update-variant/outputs.tf +++ b/modules/private-cluster-update-variant/outputs.tf @@ -192,7 +192,7 @@ output "mesh_certificates_config" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block } output "peering_name" { diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index 11f0474b8..769a67bb4 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf 
@@ -474,8 +474,8 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." - default = "10.0.0.0/28" + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." + default = null } variable "private_endpoint_subnetwork" { diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 753b3fd4c..6da2c08ab 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -55,7 +55,6 @@ module "gke" { filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" dns_cache = false node_pools = [ 
@@ -217,7 +216,7 @@ Then perform the following commands on the root folder: | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | -| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `"10.0.0.0/28"` | no | +| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `null` | no | | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no | diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf index 44ec74167..dac248be8 100644 --- a/modules/private-cluster/main.tf +++ b/modules/private-cluster/main.tf 
@@ -111,7 +111,7 @@ locals { cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block cluster_output_master_auth = concat(google_container_cluster.primary[*].master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version diff --git a/modules/private-cluster/outputs.tf b/modules/private-cluster/outputs.tf index acb3c9da4..48f8afb79 100644 --- a/modules/private-cluster/outputs.tf +++ b/modules/private-cluster/outputs.tf @@ -192,7 +192,7 @@ output "mesh_certificates_config" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block } output "peering_name" { diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 11f0474b8..769a67bb4 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf 
@@ -474,8 +474,8 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." - default = "10.0.0.0/28" + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." + default = null } variable "private_endpoint_subnetwork" {