diff --git a/CHANGELOG.md b/CHANGELOG.md index 547a850ea9..de84c5ec9a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 Extending the adopted spec, each change should have a link to its corresponding pull request appended. +## [32.0.4](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v32.0.3...v32.0.4) (2024-08-26) + + +### Bug Fixes + +* allow enable_private_endpoint with no master_authorized_networks ([#2058](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2058)) ([528b373](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/528b373cc13e8c02d18fdc2078169b940f076083)) + ## [32.0.3](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v32.0.2...v32.0.3) (2024-08-22) diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index b4fcd80ae3..b1a305ccf4 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -257,10 +257,10 @@ resource "google_container_cluster" "primary" { enable_autopilot = true {% endif %} dynamic "master_authorized_networks_config" { - for_each = local.master_authorized_networks_config + for_each = {% if private_cluster %}var.enable_private_endpoint || {% endif %}length(var.master_authorized_networks) > 0 ? [true] : [] content { dynamic "cidr_blocks" { - for_each = master_authorized_networks_config.value.cidr_blocks + for_each = var.master_authorized_networks content { cidr_block = lookup(cidr_blocks.value, "cidr_block", "") display_name = lookup(cidr_blocks.value, "display_name", "") diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl index 8872676a67..a7c8afe484 100644 --- a/autogen/main/main.tf.tmpl +++ b/autogen/main/main.tf.tmpl 
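Review bot: In the autogen/main/cluster.tf.tmpl hunk, the new `for_each` emits `master_authorized_networks_config` with zero `cidr_blocks` when `var.enable_private_endpoint` is true and `var.master_authorized_networks` is empty, and nothing tells a caller what that state permits. As far as I understand GKE, this enables authorized networks with no extra ranges, so presumably only the cluster's own subnet ranges can reach the private endpoint. That is worth confirming and stating above the block, e.g. `# Private endpoint needs authorized networks enabled; an empty list adds no extra CIDRs.`. The condition is also easier to read with explicit grouping, which in the generated form is `(var.enable_private_endpoint || length(var.master_authorized_networks) > 0) ? [true] : []`. The same expression is generated into the cluster.tf hunks of beta-autopilot-private-cluster, beta-private-cluster, beta-private-cluster-update-variant, private-cluster-update-variant and private-cluster; the `google_container_cluster` resource continues outside the hunk.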
@@ -174,11 +174,6 @@ locals { # /BETA features {% endif %} - - master_authorized_networks_config = length(var.master_authorized_networks) == 0 ? [] : [{ - cidr_blocks : var.master_authorized_networks - }] - {% if autopilot_cluster != true %} cluster_output_node_pools_names = concat( [for np in google_container_node_pool.pools : np.name], [""], diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index 998ae8bd49..7c68bb2545 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl @@ -40,7 +40,7 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v32.0.4" } {% else %} required_providers { @@ -58,7 +58,7 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v32.0.4" } {% endif %} } diff --git a/autogen/safer-cluster/versions.tf.tmpl b/autogen/safer-cluster/versions.tf.tmpl index 9613b5be40..ae4ce79090 100644 --- a/autogen/safer-cluster/versions.tf.tmpl +++ b/autogen/safer-cluster/versions.tf.tmpl @@ -23,6 +23,6 @@ terraform { required_version = ">=1.3" provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v32.0.4" } } diff --git a/cluster.tf b/cluster.tf index edc2d074df..d8fc73abc8 100644 --- a/cluster.tf 
+++ b/cluster.tf @@ -190,10 +190,10 @@ resource "google_container_cluster" "primary" { enable_cilium_clusterwide_network_policy = var.enable_cilium_clusterwide_network_policy dynamic "master_authorized_networks_config" { - for_each = local.master_authorized_networks_config + for_each = length(var.master_authorized_networks) > 0 ? [true] : [] content { dynamic "cidr_blocks" { - for_each = master_authorized_networks_config.value.cidr_blocks + for_each = var.master_authorized_networks content { cidr_block = lookup(cidr_blocks.value, "cidr_block", "") display_name = lookup(cidr_blocks.value, "display_name", "") diff --git a/examples/deploy_service/main.tf b/examples/deploy_service/main.tf index 5cd745c8b0..02312c42f0 100644 --- a/examples/deploy_service/main.tf +++ b/examples/deploy_service/main.tf @@ -55,7 +55,7 @@ resource "kubernetes_pod" "nginx-example" { spec { container { - image = "nginx:1.27.0" + image = "nginx:1.27.1" name = "nginx-example" } } diff --git a/examples/simple_autopilot_private/main.tf b/examples/simple_autopilot_private/main.tf index e81a983e73..17f2b17885 100644 --- a/examples/simple_autopilot_private/main.tf +++ b/examples/simple_autopilot_private/main.tf @@ -51,11 +51,4 @@ module "gke" { enable_private_nodes = true network_tags = [local.cluster_type] deletion_protection = false - - master_authorized_networks = [ - { - cidr_block = "10.60.0.0/17" - display_name = "VPC" - }, - ] } diff --git a/main.tf b/main.tf index 4f91f356d6..9754bf86ab 100644 --- a/main.tf +++ b/main.tf 
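Review bot: In the root cluster.tf hunk, `length(var.master_authorized_networks) > 0 ? [true] : []` omits `master_authorized_networks_config` entirely when the list is empty, so on this public variant the control-plane endpoint is presumably left without a source-CIDR restriction, and the code does not say so. I would add a comment above the `dynamic` block such as `# Empty master_authorized_networks => block omitted; control plane endpoint is not restricted by CIDR.`. The behaviour looks unchanged from the removed `local.master_authorized_networks_config`, so this is a documentation request only. The same line appears in the cluster.tf hunks of beta-autopilot-public-cluster, beta-public-cluster-update-variant and beta-public-cluster; the resource body continues outside the hunk.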
@@ -126,11 +126,6 @@ locals { cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility cluster_output_identity_service_enabled = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false - - master_authorized_networks_config = length(var.master_authorized_networks) == 0 ? [] : [{ - cidr_blocks : var.master_authorized_networks - }] - cluster_output_node_pools_names = concat( [for np in google_container_node_pool.pools : np.name], [""], [for np in google_container_node_pool.windows_pools : np.name], [""] diff --git a/modules/acm/versions.tf b/modules/acm/versions.tf index 170c4f56f2..5779d86966 100644 --- a/modules/acm/versions.tf +++ b/modules/acm/versions.tf @@ -19,11 +19,11 @@ terraform { required_version = ">= 0.13.0" provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:acm/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:acm/v32.0.4" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:acm/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:acm/v32.0.4" } required_providers { diff --git a/modules/asm/versions.tf b/modules/asm/versions.tf index 25d5442cf7..dc4f84eea0 100644 --- a/modules/asm/versions.tf +++ b/modules/asm/versions.tf @@ -36,10 +36,10 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:asm/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:asm/v32.0.4" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:asm/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:asm/v32.0.4" } } 
diff --git a/modules/auth/versions.tf b/modules/auth/versions.tf index 1ca48afc14..5a02050197 100644 --- a/modules/auth/versions.tf +++ b/modules/auth/versions.tf @@ -26,6 +26,6 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:auth/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:auth/v32.0.4" } } diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index 7472b09941..a725060cc9 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -106,10 +106,10 @@ resource "google_container_cluster" "primary" { enable_fqdn_network_policy = var.enable_fqdn_network_policy enable_autopilot = true dynamic "master_authorized_networks_config" { - for_each = local.master_authorized_networks_config + for_each = var.enable_private_endpoint || length(var.master_authorized_networks) > 0 ? [true] : [] content { dynamic "cidr_blocks" { - for_each = master_authorized_networks_config.value.cidr_blocks + for_each = var.master_authorized_networks content { cidr_block = lookup(cidr_blocks.value, "cidr_block", "") display_name = lookup(cidr_blocks.value, "display_name", "") diff --git a/modules/beta-autopilot-private-cluster/main.tf b/modules/beta-autopilot-private-cluster/main.tf index 9c23b42d05..1f921ebb76 100644 --- a/modules/beta-autopilot-private-cluster/main.tf +++ b/modules/beta-autopilot-private-cluster/main.tf @@ -101,11 +101,6 @@ locals { # /BETA features - master_authorized_networks_config = length(var.master_authorized_networks) == 0 ? [] : [{ - cidr_blocks : var.master_authorized_networks - }] - - cluster_master_auth_list_layer1 = local.cluster_output_master_auth cluster_master_auth_list_layer2 = local.cluster_master_auth_list_layer1[0] cluster_master_auth_map = local.cluster_master_auth_list_layer2[0] 
diff --git a/modules/beta-autopilot-private-cluster/versions.tf b/modules/beta-autopilot-private-cluster/versions.tf index a2775c00a3..5c00fe2f32 100644 --- a/modules/beta-autopilot-private-cluster/versions.tf +++ b/modules/beta-autopilot-private-cluster/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-autopilot-private-cluster/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-autopilot-private-cluster/v32.0.4" } } diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index bc65225fcc..dc9915bc7b 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -106,10 +106,10 @@ resource "google_container_cluster" "primary" { enable_fqdn_network_policy = var.enable_fqdn_network_policy enable_autopilot = true dynamic "master_authorized_networks_config" { - for_each = local.master_authorized_networks_config + for_each = length(var.master_authorized_networks) > 0 ? [true] : [] content { dynamic "cidr_blocks" { - for_each = master_authorized_networks_config.value.cidr_blocks + for_each = var.master_authorized_networks content { cidr_block = lookup(cidr_blocks.value, "cidr_block", "") display_name = lookup(cidr_blocks.value, "display_name", "") diff --git a/modules/beta-autopilot-public-cluster/main.tf b/modules/beta-autopilot-public-cluster/main.tf index b4956bb6a3..15edafa7f9 100644 --- a/modules/beta-autopilot-public-cluster/main.tf +++ b/modules/beta-autopilot-public-cluster/main.tf 
@@ -100,11 +100,6 @@ locals { # /BETA features - master_authorized_networks_config = length(var.master_authorized_networks) == 0 ? [] : [{ - cidr_blocks : var.master_authorized_networks - }] - - cluster_master_auth_list_layer1 = local.cluster_output_master_auth cluster_master_auth_list_layer2 = local.cluster_master_auth_list_layer1[0] cluster_master_auth_map = local.cluster_master_auth_list_layer2[0] diff --git a/modules/beta-autopilot-public-cluster/versions.tf b/modules/beta-autopilot-public-cluster/versions.tf index e84bd0ef73..6a14f69040 100644 --- a/modules/beta-autopilot-public-cluster/versions.tf +++ b/modules/beta-autopilot-public-cluster/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-autopilot-public-cluster/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-autopilot-public-cluster/v32.0.4" } } diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 6242de6549..d3401ca09c 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -211,10 +211,10 @@ resource "google_container_cluster" "primary" { enable_fqdn_network_policy = var.enable_fqdn_network_policy dynamic "master_authorized_networks_config" { - for_each = local.master_authorized_networks_config + for_each = var.enable_private_endpoint || length(var.master_authorized_networks) > 0 ? [true] : [] content { dynamic "cidr_blocks" { - for_each = master_authorized_networks_config.value.cidr_blocks + for_each = var.master_authorized_networks content { cidr_block = lookup(cidr_blocks.value, "cidr_block", "") display_name = lookup(cidr_blocks.value, "display_name", "") diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf index 4ee56aaacd..a715e4a691 100644 
--- a/modules/beta-private-cluster-update-variant/main.tf +++ b/modules/beta-private-cluster-update-variant/main.tf @@ -145,11 +145,6 @@ locals { cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false # /BETA features - - master_authorized_networks_config = length(var.master_authorized_networks) == 0 ? [] : [{ - cidr_blocks : var.master_authorized_networks - }] - cluster_output_node_pools_names = concat( [for np in google_container_node_pool.pools : np.name], [""], [for np in google_container_node_pool.windows_pools : np.name], [""] diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index fd1e24983c..d6999dc909 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster-update-variant/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster-update-variant/v32.0.4" } } diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 0578d91001..f073f632be 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf 
@@ -211,10 +211,10 @@ resource "google_container_cluster" "primary" { enable_fqdn_network_policy = var.enable_fqdn_network_policy dynamic "master_authorized_networks_config" { - for_each = local.master_authorized_networks_config + for_each = var.enable_private_endpoint || length(var.master_authorized_networks) > 0 ? [true] : [] content { dynamic "cidr_blocks" { - for_each = master_authorized_networks_config.value.cidr_blocks + for_each = var.master_authorized_networks content { cidr_block = lookup(cidr_blocks.value, "cidr_block", "") display_name = lookup(cidr_blocks.value, "display_name", "") diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index 4ee56aaacd..a715e4a691 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf @@ -145,11 +145,6 @@ locals { cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false # /BETA features - - master_authorized_networks_config = length(var.master_authorized_networks) == 0 ? [] : [{ - cidr_blocks : var.master_authorized_networks - }] - cluster_output_node_pools_names = concat( [for np in google_container_node_pool.pools : np.name], [""], [for np in google_container_node_pool.windows_pools : np.name], [""] diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index 89ff797f64..b12022e58f 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster/v32.0.4" } } 
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index d63bbba197..6c68b5264d 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -211,10 +211,10 @@ resource "google_container_cluster" "primary" { enable_fqdn_network_policy = var.enable_fqdn_network_policy dynamic "master_authorized_networks_config" { - for_each = local.master_authorized_networks_config + for_each = length(var.master_authorized_networks) > 0 ? [true] : [] content { dynamic "cidr_blocks" { - for_each = master_authorized_networks_config.value.cidr_blocks + for_each = var.master_authorized_networks content { cidr_block = lookup(cidr_blocks.value, "cidr_block", "") display_name = lookup(cidr_blocks.value, "display_name", "") diff --git a/modules/beta-public-cluster-update-variant/main.tf b/modules/beta-public-cluster-update-variant/main.tf index 58d2dce97c..23a49126ed 100644 --- a/modules/beta-public-cluster-update-variant/main.tf +++ b/modules/beta-public-cluster-update-variant/main.tf @@ -144,11 +144,6 @@ locals { cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false # /BETA features - - master_authorized_networks_config = length(var.master_authorized_networks) == 0 ? [] : [{ - cidr_blocks : var.master_authorized_networks - }] - cluster_output_node_pools_names = concat( [for np in google_container_node_pool.pools : np.name], [""], [for np in google_container_node_pool.windows_pools : np.name], [""] diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index 3ef7549d18..8eef1adeb6 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf 
+++ b/modules/beta-public-cluster-update-variant/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster-update-variant/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster-update-variant/v32.0.4" } } diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 174b33c6be..e844bf1f01 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -211,10 +211,10 @@ resource "google_container_cluster" "primary" { enable_fqdn_network_policy = var.enable_fqdn_network_policy dynamic "master_authorized_networks_config" { - for_each = local.master_authorized_networks_config + for_each = length(var.master_authorized_networks) > 0 ? [true] : [] content { dynamic "cidr_blocks" { - for_each = master_authorized_networks_config.value.cidr_blocks + for_each = var.master_authorized_networks content { cidr_block = lookup(cidr_blocks.value, "cidr_block", "") display_name = lookup(cidr_blocks.value, "display_name", "") diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index 58d2dce97c..23a49126ed 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf @@ -144,11 +144,6 @@ locals { cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false # /BETA features - - master_authorized_networks_config = length(var.master_authorized_networks) == 0 ? [] : [{ - cidr_blocks : var.master_authorized_networks - }] - cluster_output_node_pools_names = concat( [for np in google_container_node_pool.pools : np.name], [""], [for np in google_container_node_pool.windows_pools : np.name], [""] 
diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index 58c3a51dd3..fed51318b1 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster/v32.0.4" } } diff --git a/modules/binary-authorization/versions.tf b/modules/binary-authorization/versions.tf index bd7c5de075..692f103786 100644 --- a/modules/binary-authorization/versions.tf +++ b/modules/binary-authorization/versions.tf @@ -28,6 +28,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:binary-authorization/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:binary-authorization/v32.0.4" } } diff --git a/modules/fleet-app-operator-permissions/versions.tf b/modules/fleet-app-operator-permissions/versions.tf index d8ae6293dd..12aa2fe997 100644 --- a/modules/fleet-app-operator-permissions/versions.tf +++ b/modules/fleet-app-operator-permissions/versions.tf @@ -33,7 +33,7 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:fleet-app-operator-permissions/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:fleet-app-operator-permissions/v32.0.4" } } diff --git a/modules/fleet-membership/versions.tf b/modules/fleet-membership/versions.tf index b3334fe871..8edafe204d 100644 --- a/modules/fleet-membership/versions.tf +++ b/modules/fleet-membership/versions.tf @@ -30,6 +30,6 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v32.0.4" } } 
diff --git a/modules/hub-legacy/versions.tf b/modules/hub-legacy/versions.tf index ad1a46899a..9f67a583d6 100644 --- a/modules/hub-legacy/versions.tf +++ b/modules/hub-legacy/versions.tf @@ -28,6 +28,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v32.0.4" } } diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 65b66dc412..2ab271cd5f 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -190,10 +190,10 @@ resource "google_container_cluster" "primary" { enable_cilium_clusterwide_network_policy = var.enable_cilium_clusterwide_network_policy dynamic "master_authorized_networks_config" { - for_each = local.master_authorized_networks_config + for_each = var.enable_private_endpoint || length(var.master_authorized_networks) > 0 ? [true] : [] content { dynamic "cidr_blocks" { - for_each = master_authorized_networks_config.value.cidr_blocks + for_each = var.master_authorized_networks content { cidr_block = lookup(cidr_blocks.value, "cidr_block", "") display_name = lookup(cidr_blocks.value, "display_name", "") diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf index 884ea93033..91643752ce 100644 --- a/modules/private-cluster-update-variant/main.tf +++ b/modules/private-cluster-update-variant/main.tf 
@@ -127,11 +127,6 @@ locals { cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility cluster_output_identity_service_enabled = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false - - master_authorized_networks_config = length(var.master_authorized_networks) == 0 ? [] : [{ - cidr_blocks : var.master_authorized_networks - }] - cluster_output_node_pools_names = concat( [for np in google_container_node_pool.pools : np.name], [""], [for np in google_container_node_pool.windows_pools : np.name], [""] diff --git a/modules/private-cluster-update-variant/versions.tf b/modules/private-cluster-update-variant/versions.tf index 7430b76a29..30e68870a1 100644 --- a/modules/private-cluster-update-variant/versions.tf +++ b/modules/private-cluster-update-variant/versions.tf @@ -33,6 +33,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster-update-variant/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster-update-variant/v32.0.4" } } diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 1ed3bdb20b..6ee3c32c6c 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf 
@@ -190,10 +190,10 @@ resource "google_container_cluster" "primary" { enable_cilium_clusterwide_network_policy = var.enable_cilium_clusterwide_network_policy dynamic "master_authorized_networks_config" { - for_each = local.master_authorized_networks_config + for_each = var.enable_private_endpoint || length(var.master_authorized_networks) > 0 ? [true] : [] content { dynamic "cidr_blocks" { - for_each = master_authorized_networks_config.value.cidr_blocks + for_each = var.master_authorized_networks content { cidr_block = lookup(cidr_blocks.value, "cidr_block", "") display_name = lookup(cidr_blocks.value, "display_name", "") diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf index 884ea93033..91643752ce 100644 --- a/modules/private-cluster/main.tf +++ b/modules/private-cluster/main.tf @@ -127,11 +127,6 @@ locals { cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility cluster_output_identity_service_enabled = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false - - master_authorized_networks_config = length(var.master_authorized_networks) == 0 ? [] : [{ - cidr_blocks : var.master_authorized_networks - }] - cluster_output_node_pools_names = concat( [for np in google_container_node_pool.pools : np.name], [""], [for np in google_container_node_pool.windows_pools : np.name], [""] diff --git a/modules/private-cluster/versions.tf b/modules/private-cluster/versions.tf index 351e317270..ca6363a83d 100644 --- a/modules/private-cluster/versions.tf +++ b/modules/private-cluster/versions.tf 
@@ -33,6 +33,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster/v32.0.4" } } diff --git a/modules/safer-cluster-update-variant/versions.tf b/modules/safer-cluster-update-variant/versions.tf index de507fd56b..2cb29380aa 100644 --- a/modules/safer-cluster-update-variant/versions.tf +++ b/modules/safer-cluster-update-variant/versions.tf @@ -21,6 +21,6 @@ terraform { required_version = ">=1.3" provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster-update-variant/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster-update-variant/v32.0.4" } } diff --git a/modules/safer-cluster/versions.tf b/modules/safer-cluster/versions.tf index 052590a6d0..c398dd854e 100644 --- a/modules/safer-cluster/versions.tf +++ b/modules/safer-cluster/versions.tf @@ -21,6 +21,6 @@ terraform { required_version = ">=1.3" provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster/v32.0.4" } } diff --git a/modules/services/versions.tf b/modules/services/versions.tf index 8e01602b55..9bde744e59 100644 --- a/modules/services/versions.tf +++ b/modules/services/versions.tf @@ -19,6 +19,6 @@ terraform { required_version = ">= 0.13.0" provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:services/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:services/v32.0.4" } } diff --git a/modules/workload-identity/versions.tf b/modules/workload-identity/versions.tf index 1f30509723..6b7ab8e1fc 100644 --- a/modules/workload-identity/versions.tf +++ b/modules/workload-identity/versions.tf 
@@ -30,6 +30,6 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:workload-identity/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:workload-identity/v32.0.4" } } diff --git a/test/integration/simple_autopilot_private/simple_autopilot_private_test.go b/test/integration/simple_autopilot_private/simple_autopilot_private_test.go index aa506b0e09..290dc1873b 100644 --- a/test/integration/simple_autopilot_private/simple_autopilot_private_test.go +++ b/test/integration/simple_autopilot_private/simple_autopilot_private_test.go @@ -53,6 +53,7 @@ func TestSimpleAutopilotPrivate(t *testing.T) { "addonsConfig.httpLoadBalancing", "addonsConfig.kubernetesDashboard.disabled", "addonsConfig.networkPolicyConfig.disabled", + "masterAuthorizedNetworksConfig.enabled", } for _, pth := range validateJSONPaths { g.JSONEq(assert, op, pth) diff --git a/test/integration/simple_autopilot_private/testdata/TestSimpleAutopilotPrivate.json b/test/integration/simple_autopilot_private/testdata/TestSimpleAutopilotPrivate.json index 62103f7ee9..97237dc953 100644 --- a/test/integration/simple_autopilot_private/testdata/TestSimpleAutopilotPrivate.json +++ b/test/integration/simple_autopilot_private/testdata/TestSimpleAutopilotPrivate.json @@ -124,12 +124,6 @@ "clusterCaCertificate": "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" }, "masterAuthorizedNetworksConfig": { - "cidrBlocks": [ - { - "cidrBlock": "10.60.0.0/17", - "displayName": "VPC" - } - ], "enabled": true }, "monitoringConfig": { diff --git a/test/integration/simple_zonal_private/simple_zonal_private_test.go b/test/integration/simple_zonal_private/simple_zonal_private_test.go index 515ee59f82..819a5ba456 100644 --- a/test/integration/simple_zonal_private/simple_zonal_private_test.go +++ b/test/integration/simple_zonal_private/simple_zonal_private_test.go 
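Review bot: The added path `"masterAuthorizedNetworksConfig.enabled"` in TestSimpleAutopilotPrivate checks only the flag, so a regression that re-introduced or widened `cidrBlocks` on the private-endpoint cluster would still pass. simple_zonal_private_test.go in this same commit adds the whole `"masterAuthorizedNetworksConfig"` path. Using that here would also pin the absence of CIDR entries that the updated golden file records, assuming the API response carries no volatile fields under that key. The test function starts and ends outside the hunk.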
@@ -64,6 +64,7 @@ func TestSimpleZonalPrivate(t *testing.T) { "nodePools.config.labels", "nodePools.config.tags", "nodePools.management.autoRepair", + "masterAuthorizedNetworksConfig", } for _, pth := range validateJSONPaths { g.JSONEq(assert, op, pth) diff --git a/versions.tf b/versions.tf index cfedaf0ca4..bfec31e721 100644 --- a/versions.tf +++ b/versions.tf @@ -33,6 +33,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine/v32.0.3" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine/v32.0.4" } }