Enable specifying master_authorized_networks_config

terraform-google-modules · Sep 19, 2018 · 03091f4 · 03091f4
1 parent 85bb002
commit 03091f4
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 0 deletions.
diff --git a/cluster_regional.tf b/cluster_regional.tf
@@ -33,6 +33,8 @@ resource "google_container_cluster" "primary" {
   logging_service    = "${var.logging_service}"
   monitoring_service = "${var.monitoring_service}"
 
+  master_authorized_networks_config = "${var.master_authorized_networks_config}"
+
   addons_config {
     http_load_balancing {
       disabled = "${var.http_load_balancing ? 0 : 1}"

diff --git a/cluster_zonal.tf b/cluster_zonal.tf
@@ -33,6 +33,8 @@ resource "google_container_cluster" "zonal_primary" {
   logging_service    = "${var.logging_service}"
   monitoring_service = "${var.monitoring_service}"
 
+  master_authorized_networks_config = "${var.master_authorized_networks_config}"
+
   addons_config {
     http_load_balancing {
       disabled = "${var.http_load_balancing ? 0 : 1}"

diff --git a/outputs.tf b/outputs.tf
@@ -58,6 +58,10 @@ output "logging_service" {
 output "monitoring_service" {
   description = "Monitoring service used"
   value       = "${local.cluster_monitoring_service}"
+
+output "master_authorized_networks_config" {
+  description = "Networks from which access to master is permitted"
+  value       = "${var.master_authorized_networks_config}"
 }
 
 output "master_version" {

diff --git a/variables.tf b/variables.tf
@@ -65,6 +65,12 @@ variable "node_version" {
   default     = ""
 }
 
+variable "master_authorized_networks_config" {
+  description = "The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists)."
+  type        = "list"
+  default     = []
+}
+
 variable "horizontal_pod_autoscaling" {
   description = "Enable horizontal pod autoscaling addon"
   default     = false