diff --git a/cluster_regional.tf b/cluster_regional.tf
index 61c2df6b4e..51f40641bc 100644
--- a/cluster_regional.tf
+++ b/cluster_regional.tf
@@ -30,8 +30,10 @@ resource "google_container_cluster" "primary" {
   subnetwork = "projects/${local.network_project_id}/regions/${var.region}/subnetworks/${var.subnetwork}"
   min_master_version = "${local.kubernetes_version}"
-  logging_service = "${var.logging_service}"
-  monitoring_service = "${var.monitoring_service}"
+  logging_service = "${var.logging_service}"
+  monitoring_service = "${var.monitoring_service}"
+  private_cluster = "${var.private_cluster}"
+  master_ipv4_cidr_block = "${var.master_ipv4_cidr_block}"
   addons_config {
     http_load_balancing {
diff --git a/cluster_zonal.tf b/cluster_zonal.tf
index 053fcde549..aedfa1bb3e 100644
--- a/cluster_zonal.tf
+++ b/cluster_zonal.tf
@@ -30,8 +30,10 @@ resource "google_container_cluster" "zonal_primary" {
   subnetwork = "projects/${local.network_project_id}/regions/${var.region}/subnetworks/${var.subnetwork}"
   min_master_version = "${local.kubernetes_version}"
-  logging_service = "${var.logging_service}"
-  monitoring_service = "${var.monitoring_service}"
+  logging_service = "${var.logging_service}"
+  monitoring_service = "${var.monitoring_service}"
+  private_cluster = "${var.private_cluster}"
+  master_ipv4_cidr_block = "${var.master_ipv4_cidr_block}"
   addons_config {
     http_load_balancing {
diff --git a/main.tf b/main.tf
index 57aae6f528..39373ccea0 100644
--- a/main.tf
+++ b/main.tf
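Review bot: The new `private_cluster` and `master_ipv4_cidr_block` attributes are passed straight through from the variables with nothing guaranteeing the CIDR is set when the flag is true, and the cluster_zonal.tf hunk on this same line adds the identical pair; with the variable defaults (`false` / `""`) the lines are inert, but `private_cluster = true` with an empty `master_ipv4_cidr_block` is only rejected at the API, because this `"${var.x}"`-style configuration has no variable validation to catch it earlier. Readers should also not take `private_cluster = true` to mean a private control plane: as far as this flag goes only the nodes lose public addresses, so a comment above the new lines such as `# Private nodes only: the master endpoint remains publicly reachable unless master_authorized_networks_config restricts it` would set expectations. If the google provider version pinned by this module already supports it, the `private_cluster_config` block (`enable_private_nodes`, `enable_private_endpoint`, `master_ipv4_cidr_block`) is the successor to these top-level attributes and is what would actually allow a private endpoint; I cannot see the pinned version here, so treat that as something to confirm. The enclosing `resource` block starts and ends outside the hunk in both files.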
@@ -118,18 +118,20 @@ locals {
   cluster_master_auth_map = "${local.cluster_master_auth_list_layer2[0]}"
   # cluster locals
-  cluster_name = "${local.cluster_type_output_name[local.cluster_type]}"
-  cluster_location = "${local.cluster_type_output_location[local.cluster_type]}"
-  cluster_region = "${local.cluster_type_output_region[local.cluster_type]}"
-  cluster_zones = "${sort(local.cluster_type_output_zones[local.cluster_type])}"
-  cluster_endpoint = "${local.cluster_type_output_endpoint[local.cluster_type]}"
-  cluster_ca_certificate = "${lookup(local.cluster_master_auth_map, "cluster_ca_certificate")}"
-  cluster_master_version = "${local.cluster_type_output_master_version[local.cluster_type]}"
-  cluster_min_master_version = "${local.cluster_type_output_min_master_version[local.cluster_type]}"
-  cluster_logging_service = "${local.cluster_type_output_logging_service[local.cluster_type]}"
-  cluster_monitoring_service = "${local.cluster_type_output_monitoring_service[local.cluster_type]}"
-  cluster_node_pools_names = "${local.cluster_type_output_node_pools_names[local.cluster_type]}"
-  cluster_node_pools_versions = "${local.cluster_type_output_node_pools_versions[local.cluster_type]}"
+  cluster_name = "${local.cluster_type_output_name[local.cluster_type]}"
+  cluster_location = "${local.cluster_type_output_location[local.cluster_type]}"
+  cluster_region = "${local.cluster_type_output_region[local.cluster_type]}"
+  cluster_zones = "${sort(local.cluster_type_output_zones[local.cluster_type])}"
+  cluster_endpoint = "${local.cluster_type_output_endpoint[local.cluster_type]}"
+  cluster_ca_certificate = "${lookup(local.cluster_master_auth_map, "cluster_ca_certificate")}"
+  cluster_master_version = "${local.cluster_type_output_master_version[local.cluster_type]}"
+  cluster_min_master_version = "${local.cluster_type_output_min_master_version[local.cluster_type]}"
+  cluster_logging_service = "${local.cluster_type_output_logging_service[local.cluster_type]}"
+  cluster_monitoring_service = "${local.cluster_type_output_monitoring_service[local.cluster_type]}"
+  cluster_private_cluster = "${local.cluster_type_output_private_cluster[local.cluster_type]}"
+  cluster_master_ipv4_cidr_block = "${local.cluster_type_output_master_ipv4_cidr_block[local.cluster_type]}"
+  cluster_node_pools_names = "${local.cluster_type_output_node_pools_names[local.cluster_type]}"
+  cluster_node_pools_versions = "${local.cluster_type_output_node_pools_versions[local.cluster_type]}"
   cluster_network_policy_enabled = "${local.cluster_type_output_network_policy_enabled[local.cluster_type] ? false : true}"
   cluster_http_load_balancing_enabled = "${local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] ? false : true}"
diff --git a/outputs.tf b/outputs.tf
index d74cdbcb31..5e20a4a614 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -60,6 +60,16 @@ output "monitoring_service" {
   value = "${local.cluster_monitoring_service}"
 }
+output "private_cluster" {
+  description = "Private cluster or not"
+  value = "${local.cluster_private_cluster}"
+}
+
+output "master_ipv4_cidr_block" {
+  description = "RFC1918 block for master vpc"
+  value = "${local.cluster_master_ipv4_cidr_block}"
+}
+
 output "master_version" {
   description = "Current master kubernetes version"
   value = "${local.cluster_master_version}"
diff --git a/variables.tf b/variables.tf
index 643fcbf0e9..9f2d77c749 100644
--- a/variables.tf
+++ b/variables.tf
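Review bot: The two new locals `cluster_private_cluster` and `cluster_master_ipv4_cidr_block` index `local.cluster_type_output_private_cluster` and `local.cluster_type_output_master_ipv4_cidr_block`, and no hunk in this diff defines those maps; unless they are added elsewhere in main.tf outside the shown hunk, `terraform plan` will fail on an unknown local. The fix is to add the matching `cluster_type_output_private_cluster` and `cluster_type_output_master_ipv4_cidr_block` maps (one entry per cluster type, reading the new attributes from the regional and zonal resources) next to the existing `cluster_type_output_*` maps. The enclosing `locals` block starts and ends outside this hunk, so I cannot confirm from here.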
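Review bot: The descriptions on the two new outputs, `"Private cluster or not"` and `"RFC1918 block for master vpc"`, are too terse for module consumers to know what they are getting. Suggest `description = "Whether the cluster was created as a private cluster (nodes have no public IP addresses)"` for `private_cluster`, and `description = "RFC1918 /28 CIDR block reserved for the control plane's VPC peering range; empty when none was configured"` for `master_ipv4_cidr_block`, which matches the wording of the variables that feed them.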
@@ -170,3 +170,13 @@ variable "monitoring_service" {
   description = "The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none"
   default = "monitoring.googleapis.com"
 }
+
+variable "private_cluster" {
+  description = "(Optional, Beta) If true, a private cluster will be created, meaning nodes do not get public IP addresses. It is mandatory to specify master_ipv4_cidr_block and ip_allocation_policy with this option."
+  default = false
+}
+
+variable "master_ipv4_cidr_block " {
+  description = " (Optional, Beta) Specifies a private RFC1918 block for the master's VPC. The master range must not overlap with any subnet in your cluster's VPC. The master and your cluster use VPC peering. Must be specified in CIDR notation and must be /28 subnet."
+  default = ""
+}
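Review bot: The name on the `variable "master_ipv4_cidr_block " {` line carries a trailing space inside the quotes, so it does not declare the `var.master_ipv4_cidr_block` that the cluster_regional.tf and cluster_zonal.tf hunks reference; the line should read `variable "master_ipv4_cidr_block" {`. Its description likewise begins with a stray space and should start `description = "(Optional, Beta) Specifies a private RFC1918 block ...`. The `private_cluster` description says `master_ipv4_cidr_block` and `ip_allocation_policy` are mandatory with the flag, but nothing in the module enforces that and the default `""` CIDR satisfies nothing, so the description should add that the combination is only rejected by the API at apply time, e.g. append `Terraform does not validate this; an empty master_ipv4_cidr_block with private_cluster = true fails at apply.`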