diff --git a/Makefile b/Makefile index 705a0c7e6..4f49e8c52 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ # Make will use bash instead of sh SHELL := /usr/bin/env bash -DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0 +DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.12.0 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools REGISTRY_URL := gcr.io/cloud-foundation-cicd diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 16fb4723b..7621acdb5 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -57,6 +57,11 @@ resource "google_container_cluster" "primary" { subnetwork = "projects/${local.network_project_id}/regions/${var.region}/subnetworks/${var.subnetwork}" +{% if beta_cluster %} + default_snat_status{ + disabled = var.disable_default_snat + } +{% endif %} {% if beta_cluster %} min_master_version = var.release_channel != null ? null : local.master_version {% else %} diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index d597d2110..051df31f9 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -550,3 +550,11 @@ variable "gcloud_skip_download" { description = "Whether to skip downloading gcloud (assumes gcloud is already available outside the module)" default = true } + +{% if beta_cluster %} +variable "disable_default_snat" { + type = bool + description = "Whether to disable the default SNAT to support the private use of public IP addresses" + default = false +} +{% endif %} diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index aeab7ae54..622ecd96e 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl @@ -19,7 +19,7 @@ terraform { required_providers { {% if beta_cluster %} - google-beta = ">= 3.29.0, <4.0.0" + google-beta = ">= 3.32.0, <4.0.0" {% else %} google = ">= 3.16, <4.0.0" {% endif %} diff --git a/autogen/safer-cluster/main.tf.tmpl b/autogen/safer-cluster/main.tf.tmpl index 4ec677235..df2a73a1f 100644 
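Review bot: In autogen/main/cluster.tf.tmpl the new `default_snat_status` block is gated only on `beta_cluster`, so it is also rendered into the public beta variants (see the modules/beta-public-cluster and modules/beta-public-cluster-update-variant cluster.tf hunks later in this diff). As far as I know, GKE documents disabling default SNAT as an option for private, VPC-native clusters, so it is worth confirming what happens when a caller sets it on a public cluster. With `disabled = true` the nodes stop masquerading pod traffic, so egress then depends on Cloud NAT or an ip-masq-agent configuration; a comment above the block such as `# Disabling default SNAT preserves pod source IPs; egress then relies on Cloud NAT or ip-masq-agent` would record that. On style, write `default_snat_status {` with a space, and consider placing the block inside the `{% if beta_cluster %}` that immediately follows rather than opening a second identical conditional. The resource body starts and ends outside the hunk.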
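Review bot: In autogen/main/variables.tf.tmpl the empty line added before `{% if beta_cluster %}` sits outside the conditional, so every non-beta rendering gains a stray blank line at end of file. This diff shows it as the one-line additions to modules/private-cluster/variables.tf, modules/private-cluster-update-variant/variables.tf and the root variables.tf. Open the conditional directly after the closing `}` of `gcloud_skip_download` and move the separating blank line to just after `{% if beta_cluster %}`, so the non-beta output stays unchanged. The line boundaries are inferred, because this page has collapsed the hunk's whitespace.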
--- a/autogen/safer-cluster/main.tf.tmpl +++ b/autogen/safer-cluster/main.tf.tmpl @@ -49,6 +49,8 @@ module "gke" { ip_range_pods = var.ip_range_pods ip_range_services = var.ip_range_services + disable_default_snat = var.disable_default_snat + add_cluster_firewall_rules = var.add_cluster_firewall_rules firewall_priority = var.firewall_priority firewall_inbound_ports = var.firewall_inbound_ports diff --git a/autogen/safer-cluster/variables.tf.tmpl b/autogen/safer-cluster/variables.tf.tmpl index 1170330d0..31c696ecb 100644 --- a/autogen/safer-cluster/variables.tf.tmpl +++ b/autogen/safer-cluster/variables.tf.tmpl @@ -363,3 +363,9 @@ variable "config_connector" { description = "(Beta) Whether ConfigConnector is enabled for this cluster." default = false } + +variable "disable_default_snat" { + type = bool + description = "Whether to disable the default SNAT to support the private use of public IP addresses" + default = false +} diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml index 28d2c7266..a2c469c9b 100644 --- a/build/int.cloudbuild.yaml +++ b/build/int.cloudbuild.yaml @@ -429,6 +429,6 @@ tags: - 'integration' substitutions: _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' - _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0' + _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.12.0' options: machineType: 'N1_HIGHCPU_8' diff --git a/build/lint.cloudbuild.yaml b/build/lint.cloudbuild.yaml index 84fbf1532..ff1c6cfe5 100644 --- a/build/lint.cloudbuild.yaml +++ b/build/lint.cloudbuild.yaml @@ -22,4 +22,4 @@ tags: - 'lint' substitutions: _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' - _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0' + _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.12.0' diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf index 321534494..3cacf0bb6 100644 --- a/examples/node_pool/main.tf +++ b/examples/node_pool/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.29.0" + version = "~> 3.32.0" region = var.region } 
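Review bot: In autogen/safer-cluster/variables.tf.tmpl the description of `disable_default_snat` lacks the `(Beta)` marker that the neighbouring `config_connector` description carries, although autogen/main/cluster.tf.tmpl renders the underlying block only for beta clusters. It also does not say what changes when the value is true. Something like `description = "(Beta) Whether to disable the default in-node SNAT rules, preserving pod source addresses; needed for the private use of public IP addresses"` would tell a caller of the safer-cluster module what they are turning off. The same wording appears in autogen/main/variables.tf.tmpl and would take the same change.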
diff --git a/examples/node_pool_update_variant_beta/main.tf b/examples/node_pool_update_variant_beta/main.tf index 407b7f565..12e1d52ca 100644 --- a/examples/node_pool_update_variant_beta/main.tf +++ b/examples/node_pool_update_variant_beta/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.29.0" + version = "~> 3.32.0" credentials = file(var.credentials_path) region = var.region } diff --git a/examples/regional_private_node_pool_oauth_scopes/provider.tf b/examples/regional_private_node_pool_oauth_scopes/provider.tf index e1c1042b8..48644bf6c 100644 --- a/examples/regional_private_node_pool_oauth_scopes/provider.tf +++ b/examples/regional_private_node_pool_oauth_scopes/provider.tf @@ -19,5 +19,5 @@ provider "google" { } provider "google-beta" { - version = "~> 3.29.0" + version = "~> 3.32.0" } diff --git a/examples/safer_cluster/main.tf b/examples/safer_cluster/main.tf index df2e55326..a1087f607 100644 --- a/examples/safer_cluster/main.tf +++ b/examples/safer_cluster/main.tf @@ -34,7 +34,7 @@ provider "google" { } provider "google-beta" { - version = "~> 3.29.0" + version = "~> 3.32.0" } module "gke" { diff --git a/examples/safer_cluster_iap_bastion/provider.tf b/examples/safer_cluster_iap_bastion/provider.tf index 32d96a52a..7f894855b 100644 --- a/examples/safer_cluster_iap_bastion/provider.tf +++ b/examples/safer_cluster_iap_bastion/provider.tf @@ -15,9 +15,9 @@ */ provider "google" { - version = "~> 3.29.0" + version = "~> 3.32.0" } provider "google-beta" { - version = "~> 3.29.0" + version = "~> 3.32.0" } diff --git a/examples/simple_regional_beta/main.tf b/examples/simple_regional_beta/main.tf index 81b053c82..3a883b435 100644 --- a/examples/simple_regional_beta/main.tf +++ b/examples/simple_regional_beta/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.29.0" + version = "~> 3.32.0" region = var.region } 
diff --git a/examples/simple_regional_private_beta/main.tf b/examples/simple_regional_private_beta/main.tf index 4336225fa..51216fefa 100644 --- a/examples/simple_regional_private_beta/main.tf +++ b/examples/simple_regional_private_beta/main.tf @@ -24,7 +24,7 @@ provider "google" { } provider "google-beta" { - version = "~> 3.29.0" + version = "~> 3.32.0" region = var.region } diff --git a/examples/simple_zonal_with_asm/main.tf b/examples/simple_zonal_with_asm/main.tf index c639992c9..cbf1d3f19 100644 --- a/examples/simple_zonal_with_asm/main.tf +++ b/examples/simple_zonal_with_asm/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.29.0" + version = "~> 3.32.0" region = var.region } diff --git a/examples/workload_metadata_config/main.tf b/examples/workload_metadata_config/main.tf index 49a567d7a..65ec36ce3 100644 --- a/examples/workload_metadata_config/main.tf +++ b/examples/workload_metadata_config/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.29.0" + version = "~> 3.32.0" region = var.region } diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 2a6df855c..f31cec96a 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
@@ -159,6 +159,7 @@ Then perform the following commands on the root folder: | default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | string | `"110"` | no | | deploy\_using\_private\_endpoint | (Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | bool | `"false"` | no | | description | The description of the cluster | string | `""` | no | +| disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | bool | `"false"` | no | | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | bool | `"true"` | no | | dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | bool | `"false"` | no | | enable\_binary\_authorization | Enable BinAuthZ Admission controller | string | `"false"` | no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 1c4fa4e87..5bc19f5dc 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -51,6 +51,9 @@ resource "google_container_cluster" "primary" { subnetwork = "projects/${local.network_project_id}/regions/${var.region}/subnetworks/${var.subnetwork}" + default_snat_status { + disabled = var.disable_default_snat + } min_master_version = var.release_channel != null ? null : local.master_version logging_service = var.logging_service diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 9d958a00d..f092bb5d7 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf 
@@ -540,3 +540,9 @@ variable "gcloud_skip_download" { description = "Whether to skip downloading gcloud (assumes gcloud is already available outside the module)" default = true } + +variable "disable_default_snat" { + type = bool + description = "Whether to disable the default SNAT to support the private use of public IP addresses" + default = false +} diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index a8d571865..abc3492f1 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf @@ -18,6 +18,6 @@ terraform { required_version = ">=0.12.6, <0.14" required_providers { - google-beta = ">= 3.29.0, <4.0.0" + google-beta = ">= 3.32.0, <4.0.0" } } diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 9b9049bc3..312e1c907 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -137,6 +137,7 @@ Then perform the following commands on the root folder: | default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | string | `"110"` | no | | deploy\_using\_private\_endpoint | (Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | bool | `"false"` | no | | description | The description of the cluster | string | `""` | no | +| disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | bool | `"false"` | no | | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | bool | `"true"` | no | | dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | bool | `"false"` | no | | enable\_binary\_authorization | Enable BinAuthZ Admission controller | string | `"false"` | no | 
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 14275fd1a..38717b6bd 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -51,6 +51,9 @@ resource "google_container_cluster" "primary" { subnetwork = "projects/${local.network_project_id}/regions/${var.region}/subnetworks/${var.subnetwork}" + default_snat_status { + disabled = var.disable_default_snat + } min_master_version = var.release_channel != null ? null : local.master_version logging_service = var.logging_service diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 9d958a00d..f092bb5d7 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -540,3 +540,9 @@ variable "gcloud_skip_download" { description = "Whether to skip downloading gcloud (assumes gcloud is already available outside the module)" default = true } + +variable "disable_default_snat" { + type = bool + description = "Whether to disable the default SNAT to support the private use of public IP addresses" + default = false +} diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index a8d571865..abc3492f1 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf @@ -18,6 +18,6 @@ terraform { required_version = ">=0.12.6, <0.14" required_providers { - google-beta = ">= 3.29.0, <4.0.0" + google-beta = ">= 3.32.0, <4.0.0" } } diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 7467d5bc3..c5ca570b8 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md 
@@ -152,6 +152,7 @@ Then perform the following commands on the root folder: | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS key. | object | `` | no | | default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | string | `"110"` | no | | description | The description of the cluster | string | `""` | no | +| disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | bool | `"false"` | no | | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | bool | `"true"` | no | | dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | bool | `"false"` | no | | enable\_binary\_authorization | Enable BinAuthZ Admission controller | string | `"false"` | no | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 5c9f2f2a6..913020353 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -51,6 +51,9 @@ resource "google_container_cluster" "primary" { subnetwork = "projects/${local.network_project_id}/regions/${var.region}/subnetworks/${var.subnetwork}" + default_snat_status { + disabled = var.disable_default_snat + } min_master_version = var.release_channel != null ? null : local.master_version logging_service = var.logging_service diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 042356852..a14d2c30b 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf 
@@ -509,3 +509,9 @@ variable "gcloud_skip_download" { description = "Whether to skip downloading gcloud (assumes gcloud is already available outside the module)" default = true } + +variable "disable_default_snat" { + type = bool + description = "Whether to disable the default SNAT to support the private use of public IP addresses" + default = false +} diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index a8d571865..abc3492f1 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf +++ b/modules/beta-public-cluster-update-variant/versions.tf @@ -18,6 +18,6 @@ terraform { required_version = ">=0.12.6, <0.14" required_providers { - google-beta = ">= 3.29.0, <4.0.0" + google-beta = ">= 3.32.0, <4.0.0" } } diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index ec2a33e42..5900966e0 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -130,6 +130,7 @@ Then perform the following commands on the root folder: | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS key. | object | `` | no | | default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | string | `"110"` | no | | description | The description of the cluster | string | `""` | no | +| disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | bool | `"false"` | no | | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | bool | `"true"` | no | | dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | bool | `"false"` | no | | enable\_binary\_authorization | Enable BinAuthZ Admission controller | string | `"false"` | no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 33f04f4c1..4467bc2ae 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -51,6 +51,9 @@ resource "google_container_cluster" "primary" { subnetwork = "projects/${local.network_project_id}/regions/${var.region}/subnetworks/${var.subnetwork}" + default_snat_status { + disabled = var.disable_default_snat + } min_master_version = var.release_channel != null ? null : local.master_version logging_service = var.logging_service diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 042356852..a14d2c30b 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf 
@@ -509,3 +509,9 @@ variable "gcloud_skip_download" { description = "Whether to skip downloading gcloud (assumes gcloud is already available outside the module)" default = true } + +variable "disable_default_snat" { + type = bool + description = "Whether to disable the default SNAT to support the private use of public IP addresses" + default = false +} diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index a8d571865..abc3492f1 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf @@ -18,6 +18,6 @@ terraform { required_version = ">=0.12.6, <0.14" required_providers { - google-beta = ">= 3.29.0, <4.0.0" + google-beta = ">= 3.32.0, <4.0.0" } } diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index 896196f29..8188c2afd 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -374,3 +374,4 @@ variable "gcloud_skip_download" { description = "Whether to skip downloading gcloud (assumes gcloud is already available outside the module)" default = true } + diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 896196f29..8188c2afd 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -374,3 +374,4 @@ variable "gcloud_skip_download" { description = "Whether to skip downloading gcloud (assumes gcloud is already available outside the module)" default = true } + diff --git a/modules/safer-cluster-update-variant/README.md b/modules/safer-cluster-update-variant/README.md index 9d6cdc716..4adecdbc5 100644 --- a/modules/safer-cluster-update-variant/README.md +++ b/modules/safer-cluster-update-variant/README.md 
@@ -209,6 +209,7 @@ For simplicity, we suggest using `roles/container.admin` and | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS key. | object | `` | no | | default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | string | `"110"` | no | | description | The description of the cluster | string | `""` | no | +| disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | bool | `"false"` | no | | dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | bool | `"false"` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | bool | `"false"` | no | | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | bool | `"false"` | no | diff --git a/modules/safer-cluster-update-variant/main.tf b/modules/safer-cluster-update-variant/main.tf index 86f819885..4505c7e92 100644 --- a/modules/safer-cluster-update-variant/main.tf +++ b/modules/safer-cluster-update-variant/main.tf @@ -45,6 +45,8 @@ module "gke" { ip_range_pods = var.ip_range_pods ip_range_services = var.ip_range_services + disable_default_snat = var.disable_default_snat + add_cluster_firewall_rules = var.add_cluster_firewall_rules firewall_priority = var.firewall_priority firewall_inbound_ports = var.firewall_inbound_ports diff --git a/modules/safer-cluster-update-variant/variables.tf b/modules/safer-cluster-update-variant/variables.tf index 6f24d35cf..fdf4e9843 100644 --- a/modules/safer-cluster-update-variant/variables.tf +++ b/modules/safer-cluster-update-variant/variables.tf 
@@ -363,3 +363,9 @@ variable "config_connector" { description = "(Beta) Whether ConfigConnector is enabled for this cluster." default = false } + +variable "disable_default_snat" { + type = bool + description = "Whether to disable the default SNAT to support the private use of public IP addresses" + default = false +} diff --git a/modules/safer-cluster/README.md b/modules/safer-cluster/README.md index 9d6cdc716..4adecdbc5 100644 --- a/modules/safer-cluster/README.md +++ b/modules/safer-cluster/README.md @@ -209,6 +209,7 @@ For simplicity, we suggest using `roles/container.admin` and | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS key. | object | `` | no | | default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | string | `"110"` | no | | description | The description of the cluster | string | `""` | no | +| disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | bool | `"false"` | no | | dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | bool | `"false"` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | bool | `"false"` | no | | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | bool | `"false"` | no | diff --git a/modules/safer-cluster/main.tf b/modules/safer-cluster/main.tf index 2375b63a9..f5fd724d3 100644 --- a/modules/safer-cluster/main.tf +++ b/modules/safer-cluster/main.tf 
@@ -45,6 +45,8 @@ module "gke" { ip_range_pods = var.ip_range_pods ip_range_services = var.ip_range_services + disable_default_snat = var.disable_default_snat + add_cluster_firewall_rules = var.add_cluster_firewall_rules firewall_priority = var.firewall_priority firewall_inbound_ports = var.firewall_inbound_ports diff --git a/modules/safer-cluster/variables.tf b/modules/safer-cluster/variables.tf index 6f24d35cf..fdf4e9843 100644 --- a/modules/safer-cluster/variables.tf +++ b/modules/safer-cluster/variables.tf @@ -363,3 +363,9 @@ variable "config_connector" { description = "(Beta) Whether ConfigConnector is enabled for this cluster." default = false } + +variable "disable_default_snat" { + type = bool + description = "Whether to disable the default SNAT to support the private use of public IP addresses" + default = false +} diff --git a/test/setup/versions.tf b/test/setup/versions.tf index 4f8f9a028..cec9f1d44 100644 --- a/test/setup/versions.tf +++ b/test/setup/versions.tf @@ -23,5 +23,5 @@ provider "google" { } provider "google-beta" { - version = "3.25.0" + version = "3.32.0" } diff --git a/variables.tf b/variables.tf index d9dab264d..08beb9f7b 100644 --- a/variables.tf +++ b/variables.tf @@ -350,3 +350,4 @@ variable "gcloud_skip_download" { description = "Whether to skip downloading gcloud (assumes gcloud is already available outside the module)" default = true } +