From 0a7d97568d1c196aa62867c8d7427c7e0c06ebe7 Mon Sep 17 00:00:00 2001
From: Ludo
Date: Wed, 11 Dec 2024 15:23:30 +0100
Subject: [PATCH] blueprints

---
 blueprints/gke/autopilot/cluster.tf | 15 ++++++++++-----
 .../gke/patterns/autopilot-cluster/cluster.tf | 17 ++++++++---------
 blueprints/secops/secops-gke-forwarder/main.tf | 13 ++++++-------
 3 files changed, 24 insertions(+), 21 deletions(-)

diff --git a/blueprints/gke/autopilot/cluster.tf b/blueprints/gke/autopilot/cluster.tf
index d18de5f4f9..1e0cd0cd41 100644
--- a/blueprints/gke/autopilot/cluster.tf
+++ b/blueprints/gke/autopilot/cluster.tf
@@ -19,12 +19,17 @@ module "cluster" {
 project_id = module.project.project_id
 name = "cluster"
 location = var.region
+ access_config = {
+ ip_access = {
+ authorized_ranges = (
+ var.cluster_network_config.master_authorized_cidr_blocks
+ )
+ }
+ }
 vpc_config = {
- network = module.vpc.self_link
- subnetwork = module.vpc.subnet_self_links["${var.region}/subnet-cluster"]
- secondary_range_names = {}
- master_authorized_ranges = var.cluster_network_config.master_authorized_cidr_blocks
- master_ipv4_cidr_block = var.cluster_network_config.master_cidr_block
+ network = module.vpc.self_link
+ subnetwork = module.vpc.subnet_self_links["${var.region}/subnet-cluster"]
+ secondary_range_names = {}
 }
 # enable_features = {
 # autopilot = true
diff --git a/blueprints/gke/patterns/autopilot-cluster/cluster.tf b/blueprints/gke/patterns/autopilot-cluster/cluster.tf
index 91f08c3f8a..69285b2bc9 100644
--- a/blueprints/gke/patterns/autopilot-cluster/cluster.tf
+++ b/blueprints/gke/patterns/autopilot-cluster/cluster.tf
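Review bot: `var.cluster_network_config.master_cidr_block` is no longer referenced once `master_ipv4_cidr_block` is dropped from `vpc_config`, so the variable declared in this blueprint's variables file (outside this diff) becomes dead input and the control plane CIDR is no longer pinned by the blueprint; the same applies to `var.network_config.ip_range_gke_master` in the secops-gke-forwarder hunk at `@@ -68,12 +73,6 @@`. If the module version this targets moved that setting under `access_config` (recent upstream releases appear to expose `access_config.master_ipv4_cidr_block`, worth confirming against the pinned module), carry it across, e.g. `master_ipv4_cidr_block = var.cluster_network_config.master_cidr_block` inside the new `access_config` block. Otherwise remove the orphaned variable and its README/tfvars mentions so a value a user sets is not silently ignored. The `module "cluster"` block continues past this hunk.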
@@ -76,16 +76,15 @@ module "cluster" {
 deletion_protection = var.cluster_create.deletion_protection
 name = var.cluster_name
 location = var.region
- vpc_config = {
- network = local.cluster_vpc.network
- subnetwork = local.cluster_vpc.subnet
- secondary_range_names = local.cluster_vpc.secondary_range_names
- master_authorized_ranges = var.cluster_create.master_authorized_ranges
- master_ipv4_cidr_block = var.cluster_create.master_ipv4_cidr_block
+ access_config = {
+ ip_access = {
+ authorized_ranges = var.cluster_create.master_authorized_ranges
+ }
 }
- private_cluster_config = {
- enable_private_endpoint = true
- master_global_access = true
+ vpc_config = {
+ network = local.cluster_vpc.network
+ subnetwork = local.cluster_vpc.subnet
+ secondary_range_names = local.cluster_vpc.secondary_range_names
 }
 node_config = {
 service_account = module.cluster-service-account[0].email
diff --git a/blueprints/secops/secops-gke-forwarder/main.tf b/blueprints/secops/secops-gke-forwarder/main.tf
index cbf256cb72..bc3c8e870b 100644
--- a/blueprints/secops/secops-gke-forwarder/main.tf
+++ b/blueprints/secops/secops-gke-forwarder/main.tf
@@ -61,6 +61,11 @@ module "chronicle-forwarder" {
 name = var.chronicle_forwarder.cluster_name
 location = var.region
 deletion_protection = false
+ access_config = {
+ ip_access = {
+ authorized_ranges = var.chronicle_forwarder.master_authorized_ranges
+ }
+ }
 vpc_config = {
 network = var.network_config.network_self_link
 subnetwork = var.network_config.subnet_self_link
@@ -68,12 +73,6 @@ module "chronicle-forwarder" {
 pods = "pods"
 services = "services"
 }
- master_ipv4_cidr_block = var.network_config.ip_range_gke_master
- master_authorized_ranges = var.chronicle_forwarder.master_authorized_ranges
- }
- private_cluster_config = {
- enable_private_endpoint = true
- master_global_access = true
 }
 enable_features = {
 gateway_api = true
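Review bot: The removed `private_cluster_config` block explicitly set `enable_private_endpoint = true` and `master_global_access = true`, while the replacement `access_config.ip_access` only carries `authorized_ranges`, so whether the control plane endpoint stays private now rests entirely on the module's defaults, which this diff does not show. The same removal happens in the secops-gke-forwarder hunk at `@@ -68,12 +73,6 @@`, where the forwarder cluster previously had an explicitly private endpoint. If the pinned module version exposes the public-endpoint and global-access toggles under `ip_access` (recent upstream releases appear to offer `disable_public_endpoint` and `private_endpoint_config.global_access`; confirm against the module's variables), set them explicitly so the private-endpoint posture does not silently change with a future default, e.g. `disable_public_endpoint = true` alongside `authorized_ranges`; failing that, add a comment on the new `access_config` block stating that the endpoint is private only by module default. The `module "cluster"` block continues beyond this hunk.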
@@ -100,4 +99,4 @@ module "chronicle-forwarder-deployment" {
 source = "./secops-forwarder-deployment"
 depends_on = [module.chronicle-forwarder]
 tenants = var.tenants
-}
\ No newline at end of file
+}