Merge pull request terraform-google-modules#10 from pratikmallya/add_…

…master_auth_network

Enable specifying  master_authorized_networks_config

cluster_regional.tf

@@ -33,6 +33,8 @@ resource "google_container_cluster" "primary" {
   logging_service    = "${var.logging_service}"
   monitoring_service = "${var.monitoring_service}"
 
+  master_authorized_networks_config = "${var.master_authorized_networks_config}"
+
   addons_config {
     http_load_balancing {
       disabled = "${var.http_load_balancing ? 0 : 1}"

cluster_zonal.tf

@@ -33,6 +33,8 @@ resource "google_container_cluster" "zonal_primary" {
   logging_service    = "${var.logging_service}"
   monitoring_service = "${var.monitoring_service}"
 
+  master_authorized_networks_config = "${var.master_authorized_networks_config}"
+
   addons_config {
     http_load_balancing {
       disabled = "${var.http_load_balancing ? 0 : 1}"

outputs.tf

@@ -60,6 +60,11 @@ output "monitoring_service" {
   value       = "${local.cluster_monitoring_service}"
 }
 
+output "master_authorized_networks_config" {
+  description = "Networks from which access to master is permitted"
+  value       = "${var.master_authorized_networks_config}"
+}
+
 output "master_version" {
   description = "Current master kubernetes version"
   value       = "${local.cluster_master_version}"

variables.tf

@@ -65,6 +65,25 @@ variable "node_version" {
   default     = ""
 }
 
+variable "master_authorized_networks_config" {
+  type = "list"
+
+  description = <<EOF
+  The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists)
+
+  ### example format ###
+  default = [{
+    cidr_blocks = [{
+      cidr_block   = "10.0.0.0/8"
+      display_name = "example_network"
+    }],
+  }]
+
+  EOF
+
+  default = []
+}
+
 variable "horizontal_pod_autoscaling" {
   description = "Enable horizontal pod autoscaling addon"
   default     = false