Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

master_global_access_config is going to be applied each run #629

Closed
m0ps opened this issue Aug 13, 2020 · 5 comments
Closed

master_global_access_config is going to be applied each run #629

m0ps opened this issue Aug 13, 2020 · 5 comments

Comments

@m0ps
Copy link
Contributor

m0ps commented Aug 13, 2020

master_global_access_config is going to be applied during each terraform run

      ~ private_cluster_config {
            enable_private_endpoint = true
            enable_private_nodes    = true
            master_ipv4_cidr_block  = "XXX.XXX.XXX.XXX/28"
            peering_name            = "gke-XXXXXXXXXXXXX-XXXX-XXXX-peer"
            private_endpoint        = "XXX.XXX.XXX.XXX"
            public_endpoint         = "XXX.XXX.XXX.XXX."

          + master_global_access_config {
              + enabled = true
            }
        }

It was introduced in v11.0 release.

The same issue was with pod_security_policy_config, but it was fixed in v10.0 release (6069ece)
@morgante
Copy link
Contributor

What configuration are you using?

@m0ps
Copy link
Contributor Author

m0ps commented Aug 13, 2020
edited
Loading

I didn't define this option in my configuration, it enabled by default.

Terraform version - 0.13.0

module "gke" {
  source                        = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster"
  version                       = "~> 11.0"

@morgante
Copy link
Contributor

Hmm it looks like this is actually a provider issue since I don't see any issue with the block we're generating. Please file an issue there: https://github.com/hashicorp/terraform-provider-google/issues

@morgante
Copy link
Contributor

As a workaround, you can disable master global access with master_global_access_enabled = false.

@bharathkkb
Copy link
Member

I think there might be a bug based on my spot check. Toggling master_global_access_enabled = false after initially creating does not actually make it false. I will dig into later to confirm but it does seem like a provider issue.

@currankaushik currankaushik mentioned this issue Nov 17, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@morgante @m0ps @bharathkkb