Allow overriding oAuth scopes for NAP pools

The defaults I included come from the scopes I observed in a cluster I stood up when no scopes were specified. I am assuming these are GKE defaults. This does not match the default scopes for normal node pools in this Terraform module, so it may not be the correct choice.
terraform-google-modules · Sep 21, 2020 · f5e85e0 · f5e85e0
1 parent c288db9
commit f5e85e0
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
@@ -76,6 +76,7 @@ resource "google_container_cluster" "primary" {
     enabled = var.cluster_autoscaling.enabled
     auto_provisioning_defaults {
       service_account = local.service_account
+      oauth_scopes = var.cluster_autoscaling.oauth_scopes
     }
     autoscaling_profile = var.cluster_autoscaling.autoscaling_profile != null ? var.cluster_autoscaling.autoscaling_profile : "BALANCED"
     dynamic "resource_limits" {

diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl
@@ -216,6 +216,7 @@ variable "cluster_autoscaling" {
     max_cpu_cores       = number
     min_memory_gb       = number
     max_memory_gb       = number
+    oauth_scopes        = list(string)
   })
   default = {
     enabled             = false
@@ -224,6 +225,10 @@ variable "cluster_autoscaling" {
     min_cpu_cores       = 0
     max_memory_gb       = 0
     min_memory_gb       = 0
+    oauth_scopes        = [
+      "https://www.googleapis.com/auth/logging.write",
+      "https://www.googleapis.com/auth/monitoring"
+    ]
   }
   description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)"
 }