Add Private cluster and master ipv4 configuration

cluster_regional.tf

@@ -30,8 +30,10 @@ resource "google_container_cluster" "primary" {
   subnetwork         = "projects/${local.network_project_id}/regions/${var.region}/subnetworks/${var.subnetwork}"
   min_master_version = "${local.kubernetes_version}"
 
-  logging_service    = "${var.logging_service}"
-  monitoring_service = "${var.monitoring_service}"
+  logging_service        = "${var.logging_service}"
+  monitoring_service     = "${var.monitoring_service}"
+  private_cluster        = "${var.private_cluster}"
+  master_ipv4_cidr_block = "${var.master_ipv4_cidr_block}"
 
   addons_config {
     http_load_balancing {

cluster_zonal.tf

@@ -30,8 +30,10 @@ resource "google_container_cluster" "zonal_primary" {
   subnetwork         = "projects/${local.network_project_id}/regions/${var.region}/subnetworks/${var.subnetwork}"
   min_master_version = "${local.kubernetes_version}"
 
-  logging_service    = "${var.logging_service}"
-  monitoring_service = "${var.monitoring_service}"
+  logging_service        = "${var.logging_service}"
+  monitoring_service     = "${var.monitoring_service}"
+  private_cluster        = "${var.private_cluster}"
+  master_ipv4_cidr_block = "${var.master_ipv4_cidr_block}"
 
   addons_config {
     http_load_balancing {

main.tf

@@ -118,18 +118,20 @@ locals {
   cluster_master_auth_map         = "${local.cluster_master_auth_list_layer2[0]}"
 
   # cluster locals
-  cluster_name                = "${local.cluster_type_output_name[local.cluster_type]}"
-  cluster_location            = "${local.cluster_type_output_location[local.cluster_type]}"
-  cluster_region              = "${local.cluster_type_output_region[local.cluster_type]}"
-  cluster_zones               = "${sort(local.cluster_type_output_zones[local.cluster_type])}"
-  cluster_endpoint            = "${local.cluster_type_output_endpoint[local.cluster_type]}"
-  cluster_ca_certificate      = "${lookup(local.cluster_master_auth_map, "cluster_ca_certificate")}"
-  cluster_master_version      = "${local.cluster_type_output_master_version[local.cluster_type]}"
-  cluster_min_master_version  = "${local.cluster_type_output_min_master_version[local.cluster_type]}"
-  cluster_logging_service     = "${local.cluster_type_output_logging_service[local.cluster_type]}"
-  cluster_monitoring_service  = "${local.cluster_type_output_monitoring_service[local.cluster_type]}"
-  cluster_node_pools_names    = "${local.cluster_type_output_node_pools_names[local.cluster_type]}"
-  cluster_node_pools_versions = "${local.cluster_type_output_node_pools_versions[local.cluster_type]}"
+  cluster_name                   = "${local.cluster_type_output_name[local.cluster_type]}"
+  cluster_location               = "${local.cluster_type_output_location[local.cluster_type]}"
+  cluster_region                 = "${local.cluster_type_output_region[local.cluster_type]}"
+  cluster_zones                  = "${sort(local.cluster_type_output_zones[local.cluster_type])}"
+  cluster_endpoint               = "${local.cluster_type_output_endpoint[local.cluster_type]}"
+  cluster_ca_certificate         = "${lookup(local.cluster_master_auth_map, "cluster_ca_certificate")}"
+  cluster_master_version         = "${local.cluster_type_output_master_version[local.cluster_type]}"
+  cluster_min_master_version     = "${local.cluster_type_output_min_master_version[local.cluster_type]}"
+  cluster_logging_service        = "${local.cluster_type_output_logging_service[local.cluster_type]}"
+  cluster_monitoring_service     = "${local.cluster_type_output_monitoring_service[local.cluster_type]}"
+  cluster_private_cluster        = "${local.cluster_type_output_private_cluster[local.cluster_type]}"
+  cluster_master_ipv4_cidr_block = "${local.cluster_type_output_master_ipv4_cidr_block[local.cluster_type]}"
+  cluster_node_pools_names       = "${local.cluster_type_output_node_pools_names[local.cluster_type]}"
+  cluster_node_pools_versions    = "${local.cluster_type_output_node_pools_versions[local.cluster_type]}"
 
   cluster_network_policy_enabled             = "${local.cluster_type_output_network_policy_enabled[local.cluster_type] ? false : true}"
   cluster_http_load_balancing_enabled        = "${local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] ? false : true}"

outputs.tf

@@ -60,6 +60,16 @@ output "monitoring_service" {
   value       = "${local.cluster_monitoring_service}"
 }
 
+output "private_cluster" {
+  description = "Private cluster or not"
+  value       = "${local.cluster_private_cluster}"
+}
+
+output "master_ipv4_cidr_block" {
+  description = "RFC1918 block for master vpc"
+  value       = "${local.cluster_master_ipv4_cidr_block}"
+}
+
 output "master_version" {
   description = "Current master kubernetes version"
   value       = "${local.cluster_master_version}"

variables.tf

@@ -170,3 +170,13 @@ variable "monitoring_service" {
   description = "The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none"
   default     = "monitoring.googleapis.com"
 }
+
+variable "private_cluster" {
+  description = "(Optional, Beta) If true, a private cluster will be created, meaning nodes do not get public IP addresses. It is mandatory to specify master_ipv4_cidr_block and ip_allocation_policy with this option."
+  default     = false
+}
+
+variable "master_ipv4_cidr_block " {
+  description = " (Optional, Beta) Specifies a private RFC1918 block for the master's VPC. The master range must not overlap with any subnet in your cluster's VPC. The master and your cluster use VPC peering. Must be specified in CIDR notation and must be /28 subnet."
+  default     = ""
+}