Fix: google provider breaking changes in 4.0.0 #33 #134
13 changes: 8 additions & 5 deletions modules/gke-cluster/main.tf
Expand Up @@ -11,8 +11,8 @@ terraform {
}

locals {
workload_identity_config = !var.enable_workload_identity ? [] : var.identity_namespace == null ? [{
identity_namespace = "${var.project}.svc.id.goog" }] : [{ identity_namespace = var.identity_namespace
workload_identity_config = !var.enable_workload_identity ? [] : var.workload_pool == null ? [{
workload_pool = "${var.project}.svc.id.goog" }] : [{ workload_pool = var.workload_pool
}]
}

Expand All @@ -36,6 +36,8 @@ resource "google_container_cluster" "cluster" {
monitoring_service = var.monitoring_service
min_master_version = local.kubernetes_version

enable_shielded_nodes = var.enable_shielded_nodes

# Whether to enable legacy Attribute-Based Access Control (ABAC). RBAC has significant security advantages over ABAC.
enable_legacy_abac = var.enable_legacy_abac

Expand Down Expand Up @@ -105,8 +107,9 @@ resource "google_container_cluster" "cluster" {
}

master_auth {
username = var.basic_auth_username
password = var.basic_auth_password
client_certificate_config {
issue_client_certificate = false
}
}

dynamic "master_authorized_networks_config" {
Expand Down Expand Up @@ -163,7 +166,7 @@ resource "google_container_cluster" "cluster" {
for_each = local.workload_identity_config

content {
identity_namespace = workload_identity_config.value.identity_namespace
workload_pool = workload_identity_config.value.workload_pool
}
}

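Review bot: The new `master_auth` block hard-codes `issue_client_certificate = false`, while variables.tf still declares `enable_client_certificate_authentication` ("Whether to enable authentication by x509 certificates"), so that input becomes a silent no-op unless it is consumed somewhere outside this hunk. Either wire it through, `issue_client_certificate = var.enable_client_certificate_authentication`, or remove the variable together with the basic-auth ones so the module interface matches what it actually applies. Hard-coding false is the safer cluster configuration, so if the variable is kept, a sentence in its description saying it is currently ignored would be enough. The `google_container_cluster` resource starts and ends outside the hunk.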
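--- a/modules/gke-cluster/variables.tf
+++ b/modules/gke-cluster/variables.tf
@@ -172,18 +172,6 @@ variable "enable_network_policy" {
 default = true
 }
 
-variable "basic_auth_username" {
-description = "The username used for basic auth; set both this and `basic_auth_password` to \"\" to disable basic auth."
-type = string
-default = ""
-}
-
-variable "basic_auth_password" {
-description = "The password used for basic auth; set both this and `basic_auth_username` to \"\" to disable basic auth."
-type = string
-default = ""
-}
-
 variable "enable_client_certificate_authentication" {
 description = "Whether to enable authentication by x509 certificates. With ABAC disabled, these certificates are effectively useless."
 type = bool
@@ -222,8 +210,14 @@ variable "enable_workload_identity" {
 type = bool
 }
 
-variable "identity_namespace" {
+variable "workload_pool" {
 description = "Workload Identity Namespace. Default sets project based namespace [project_id].svc.id.goog"
 default = null
 type = string
 }
+
+variable "enable_shielded_nodes" {
+description = "Enable shielded nodes features on all nodes in this cluster. Default is set to true"
+default = true
+type = bool
+}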
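Review bot: The renamed `workload_pool` variable keeps its pre-rename description, "Workload Identity Namespace. Default sets project based namespace [project_id].svc.id.goog", which no longer matches the attribute name users will look for in the 4.x provider. Suggest `description = "Workload Identity pool. Defaults to the project-based pool [project_id].svc.id.goog"`. The new `enable_shielded_nodes` variable is fine as written; its description already states the default.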