From f5e85e09086ca52d7f448bc7f2229ece3761c505 Mon Sep 17 00:00:00 2001 From: Don Petersen Date: Fri, 18 Sep 2020 14:12:24 -0700 Subject: [PATCH] Allow overriding oAuth scopes for NAP pools The defaults I included come from the scopes I observed in a cluster I stood up when no scopes were specified. I am assuming these are GKE defaults. This does not match the default scopes for normal node pools in this Terraform module, so it may not be the correct choice.
---
 autogen/main/cluster.tf.tmpl | 1 + autogen/main/variables.tf.tmpl | 5 +++++ 2 files changed, 6 insertions(+)
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
index d0c45bdf7f..b7795a0ebd 100644
--- a/autogen/main/cluster.tf.tmpl
+++ b/autogen/main/cluster.tf.tmpl
@@ -76,6 +76,7 @@ resource "google_container_cluster" "primary" {
 enabled = var.cluster_autoscaling.enabled
 auto_provisioning_defaults {
 service_account = local.service_account
+ oauth_scopes = var.cluster_autoscaling.oauth_scopes
 }
 autoscaling_profile = var.cluster_autoscaling.autoscaling_profile != null ? var.cluster_autoscaling.autoscaling_profile : "BALANCED"
 dynamic "resource_limits" {
diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl
index 051df31f91..8dfe1a62bb 100644
--- a/autogen/main/variables.tf.tmpl
+++ b/autogen/main/variables.tf.tmpl
@@ -216,6 +216,7 @@ variable "cluster_autoscaling" {
 max_cpu_cores = number
 min_memory_gb = number
 max_memory_gb = number
+ oauth_scopes = list(string)
 })
 default = {
 enabled = false
@@ -224,6 +225,10 @@ variable "cluster_autoscaling" {
 min_cpu_cores = 0
 max_memory_gb = 0
 min_memory_gb = 0
+ oauth_scopes = [
+ "https://www.googleapis.com/auth/logging.write",
+ "https://www.googleapis.com/auth/monitoring"
+ ]
 }
 description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)"
 }
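Review bot: In the `@@ -76,6 +76,7 @@` hunk of cluster.tf.tmpl, the added `oauth_scopes = var.cluster_autoscaling.oauth_scopes` forwards whatever list the caller supplies, with no comment on what the setting controls. Access scopes only cap which APIs the node's token may reach; the IAM roles bound to `local.service_account` decide what is actually permitted, so a broad scope paired with a broadly privileged account gives every auto-provisioned node that access. I would add a comment above the line, e.g. `# Access scopes cap the node token only; keep the service account's IAM roles least-privilege.` The enclosing `google_container_cluster` resource starts and ends outside this hunk.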
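Review bot: The `oauth_scopes = list(string)` attribute added to the `cluster_autoscaling` object type in the `@@ -216,6 +216,7 @@` hunk of variables.tf.tmpl becomes mandatory for any caller that overrides the variable, because the default object applies only when the variable is left unset. Callers that already pass `cluster_autoscaling` without this key would presumably fail type checking after upgrading, unless the module targets a Terraform version that supports optional object attributes. The change should be called out in the upgrade notes, and the description could add `oauth_scopes must be set whenever this object is overridden`. The `variable` block begins before this hunk and ends in the next one.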
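Review bot: The default `oauth_scopes` list in the `@@ -224,6 +225,10 @@` hunk grants only `logging.write` and `monitoring`, and the commit message acknowledges that it was taken from one observed cluster and differs from this module's default for regular node pools. With no storage read scope (such as `devstorage.read_only`), auto-provisioned nodes may be unable to pull images from a private registry in the project, so a workload could start on a regular pool yet fail on a NAP pool; this is inferred from GKE's scope behaviour rather than visible in the diff. Keeping the narrow default is the safer direction, but the `description` should state it, e.g. `oauth_scopes defaults to logging.write and monitoring only; add further scopes explicitly if auto-provisioned nodes need them.`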