
Commit 7e3b22c

committed
feat: add dns_allow_external_traffic
1 parent 3cd930c commit 7e3b22c


31 files changed

+116
-14
lines changed


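--- a/README.md
+++ b/README.md
@@ -161,6 +161,7 @@ Then perform the following commands on the root folder:
 | description | The description of the cluster | `string` | `""` | no |
 | disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no |
 | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | `bool` | `true` | no |
+| dns\_allow\_external\_traffic | (Optional) Controls whether external traffic is allowed over the dns endpoint. | `bool` | `null` | no |
 | dns\_cache | The status of the NodeLocal DNSCache addon. | `bool` | `false` | no |
 | enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no |
 | enable\_cilium\_clusterwide\_network\_policy | Enable Cilium Cluster Wide Network Policies on the cluster | `bool` | `false` | no |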

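--- a/autogen/main/cluster.tf.tmpl
+++ b/autogen/main/cluster.tf.tmpl
@@ -666,15 +666,15 @@ resource "google_container_cluster" "primary" {
 }
 }
 
+{% endif %}
 dynamic "control_plane_endpoints_config" {
-for_each = var.enable_private_endpoint && var.deploy_using_private_endpoint ? [1] : []
+for_each = var.dns_allow_external_traffic != null ? [1] : []
 content {
 dns_endpoint_config {
-allow_external_traffic = var.deploy_using_private_endpoint
+allow_external_traffic = var.dns_allow_external_traffic
 }
 }
 }
-{% endif %}
 
 {% if autopilot_cluster != true %}
 remove_default_node_pool = var.remove_default_node_pool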
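Review bot: Moving `{% endif %}` above the `dynamic "control_plane_endpoints_config"` block drops the old gate on `var.enable_private_endpoint`, so a cluster with `enable_private_endpoint = true` can now also be given `dns_allow_external_traffic = true`, which opens the control-plane DNS endpoint to traffic from outside the VPC while the IP endpoint stays private; that combination quietly undercuts the private-endpoint setting and should be rejected by a `lifecycle { precondition { condition = !(var.enable_private_endpoint && coalesce(var.dns_allow_external_traffic, false)) } }` on the resource (a cross-variable `validation` block needs Terraform 1.9+), or at least called out in the variable description. The `{% if %}` that this `{% endif %}` closes opens outside the hunk, so confirm the block now really sits outside any private-cluster-only guard in every rendered module. Private clusters that previously matched `var.enable_private_endpoint && var.deploy_using_private_endpoint` had an explicit `allow_external_traffic`; with the new `null` default they emit no block at all, so existing clusters may see a plan diff or silently keep whatever the API last stored — that deserves a line in the upgrade notes.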

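--- a/autogen/main/variables.tf.tmpl
+++ b/autogen/main/variables.tf.tmpl
@@ -1043,3 +1043,9 @@ variable "enterprise_config" {
 type = string
 default = null
 }
+
+variable "dns_allow_external_traffic" {
+description = "(Optional) Controls whether external traffic is allowed over the dns endpoint."
+type = bool
+default = null
+}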
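Review bot: The description of `dns_allow_external_traffic` does not say what "external traffic" means or that `true` widens the attack surface of the control plane, and because the README tables are generated from this template the gap is copied into every module's docs. I would make the security consequence explicit: `description = "(Optional) Controls whether traffic from outside the VPC, including the public internet, may reach the control plane over the DNS-based endpoint. When true the endpoint is reachable from any network and access is gated by IAM/authentication rather than by network location; leave null to keep the API default."`. If the GKE docs still state that master authorized networks do not apply to the DNS endpoint, that is worth a sentence here too — please verify against the current docs before adding it.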

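--- a/cluster.tf
+++ b/cluster.tf
@@ -508,6 +508,14 @@ resource "google_container_cluster" "primary" {
 }
 }
 
+dynamic "control_plane_endpoints_config" {
+for_each = var.dns_allow_external_traffic != null ? [1] : []
+content {
+dns_endpoint_config {
+allow_external_traffic = var.dns_allow_external_traffic
+}
+}
+}
 
 remove_default_node_pool = var.remove_default_node_pool
 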
513521

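--- a/examples/node_pool/main.tf
+++ b/examples/node_pool/main.tf
@@ -45,6 +45,7 @@ module "gke" {
 deletion_protection = false
 service_account = "default"
 logging_variant = "MAX_THROUGHPUT"
+dns_allow_external_traffic = true
 
 node_pools = [
 {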
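Review bot: `dns_allow_external_traffic = true` in the example makes the control-plane DNS endpoint reachable from outside the VPC for anyone who copies this module block, and the example gives no hint that this is a deliberate exposure rather than a default worth keeping. If the line only exists to exercise the new variable in the integration test, `false` would do that just as well; otherwise annotate it, e.g. `dns_allow_external_traffic = true # exposes the control plane DNS endpoint beyond the VPC; use false for VPC-only access`. The `module "gke"` block continues outside the hunk.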

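--- a/modules/beta-autopilot-private-cluster/README.md
+++ b/modules/beta-autopilot-private-cluster/README.md
@@ -87,6 +87,7 @@ Then perform the following commands on the root folder:
 | deploy\_using\_private\_endpoint | A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | `bool` | `false` | no |
 | description | The description of the cluster | `string` | `""` | no |
 | disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no |
+| dns\_allow\_external\_traffic | (Optional) Controls whether external traffic is allowed over the dns endpoint. | `bool` | `null` | no |
 | dns\_cache | The status of the NodeLocal DNSCache addon. | `bool` | `true` | no |
 | enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no |
 | enable\_cilium\_clusterwide\_network\_policy | Enable Cilium Cluster Wide Network Policies on the cluster | `bool` | `false` | no |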

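--- a/modules/beta-autopilot-private-cluster/cluster.tf
+++ b/modules/beta-autopilot-private-cluster/cluster.tf
@@ -334,10 +334,10 @@ resource "google_container_cluster" "primary" {
 }
 
 dynamic "control_plane_endpoints_config" {
-for_each = var.enable_private_endpoint && var.deploy_using_private_endpoint ? [1] : []
+for_each = var.dns_allow_external_traffic != null ? [1] : []
 content {
 dns_endpoint_config {
-allow_external_traffic = var.deploy_using_private_endpoint
+allow_external_traffic = var.dns_allow_external_traffic
 }
 }
 }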

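--- a/modules/beta-autopilot-private-cluster/variables.tf
+++ b/modules/beta-autopilot-private-cluster/variables.tf
@@ -613,3 +613,9 @@ variable "enterprise_config" {
 type = string
 default = null
 }
+
+variable "dns_allow_external_traffic" {
+description = "(Optional) Controls whether external traffic is allowed over the dns endpoint."
+type = bool
+default = null
+}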

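--- a/modules/beta-autopilot-public-cluster/README.md
+++ b/modules/beta-autopilot-public-cluster/README.md
@@ -81,6 +81,7 @@ Then perform the following commands on the root folder:
 | deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no |
 | description | The description of the cluster | `string` | `""` | no |
 | disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no |
+| dns\_allow\_external\_traffic | (Optional) Controls whether external traffic is allowed over the dns endpoint. | `bool` | `null` | no |
 | dns\_cache | The status of the NodeLocal DNSCache addon. | `bool` | `true` | no |
 | enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no |
 | enable\_cilium\_clusterwide\_network\_policy | Enable Cilium Cluster Wide Network Policies on the cluster | `bool` | `false` | no |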

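--- a/modules/beta-autopilot-public-cluster/cluster.tf
+++ b/modules/beta-autopilot-public-cluster/cluster.tf
@@ -311,6 +311,14 @@ resource "google_container_cluster" "primary" {
 }
 }
 
+dynamic "control_plane_endpoints_config" {
+for_each = var.dns_allow_external_traffic != null ? [1] : []
+content {
+dns_endpoint_config {
+allow_external_traffic = var.dns_allow_external_traffic
+}
+}
+}
 
 
 dynamic "database_encryption" {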
