blueprints

GoogleCloudPlatform · Dec 11, 2024 · 0a7d975 · 0a7d975
1 parent 9ae9134
commit 0a7d975
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 21 deletions.
diff --git a/blueprints/gke/autopilot/cluster.tf b/blueprints/gke/autopilot/cluster.tf
@@ -19,12 +19,17 @@ module "cluster" {
   project_id = module.project.project_id
   name       = "cluster"
   location   = var.region
+  access_config = {
+    ip_access = {
+      authorized_ranges = (
+        var.cluster_network_config.master_authorized_cidr_blocks
+      )
+    }
+  }
   vpc_config = {
-    network                  = module.vpc.self_link
-    subnetwork               = module.vpc.subnet_self_links["${var.region}/subnet-cluster"]
-    secondary_range_names    = {}
-    master_authorized_ranges = var.cluster_network_config.master_authorized_cidr_blocks
-    master_ipv4_cidr_block   = var.cluster_network_config.master_cidr_block
+    network               = module.vpc.self_link
+    subnetwork            = module.vpc.subnet_self_links["${var.region}/subnet-cluster"]
+    secondary_range_names = {}
   }
   # enable_features = {
   #   autopilot = true

diff --git a/blueprints/gke/patterns/autopilot-cluster/cluster.tf b/blueprints/gke/patterns/autopilot-cluster/cluster.tf
@@ -76,16 +76,15 @@ module "cluster" {
   deletion_protection = var.cluster_create.deletion_protection
   name                = var.cluster_name
   location            = var.region
-  vpc_config = {
-    network                  = local.cluster_vpc.network
-    subnetwork               = local.cluster_vpc.subnet
-    secondary_range_names    = local.cluster_vpc.secondary_range_names
-    master_authorized_ranges = var.cluster_create.master_authorized_ranges
-    master_ipv4_cidr_block   = var.cluster_create.master_ipv4_cidr_block
+  access_config = {
+    ip_access = {
+      authorized_ranges = var.cluster_create.master_authorized_ranges
+    }
   }
-  private_cluster_config = {
-    enable_private_endpoint = true
-    master_global_access    = true
+  vpc_config = {
+    network               = local.cluster_vpc.network
+    subnetwork            = local.cluster_vpc.subnet
+    secondary_range_names = local.cluster_vpc.secondary_range_names
   }
   node_config = {
     service_account = module.cluster-service-account[0].email

diff --git a/blueprints/secops/secops-gke-forwarder/main.tf b/blueprints/secops/secops-gke-forwarder/main.tf
@@ -61,19 +61,18 @@ module "chronicle-forwarder" {
   name                = var.chronicle_forwarder.cluster_name
   location            = var.region
   deletion_protection = false
+  access_config = {
+    ip_access = {
+      authorized_ranges = var.chronicle_forwarder.master_authorized_ranges
+    }
+  }
   vpc_config = {
     network    = var.network_config.network_self_link
     subnetwork = var.network_config.subnet_self_link
     secondary_range_names = {
       pods     = "pods"
       services = "services"
     }
-    master_ipv4_cidr_block   = var.network_config.ip_range_gke_master
-    master_authorized_ranges = var.chronicle_forwarder.master_authorized_ranges
-  }
-  private_cluster_config = {
-    enable_private_endpoint = true
-    master_global_access    = true
   }
   enable_features = {
     gateway_api = true
@@ -100,4 +99,4 @@ module "chronicle-forwarder-deployment" {
   source     = "./secops-forwarder-deployment"
   depends_on = [module.chronicle-forwarder]
   tenants    = var.tenants
-}
+}