diff --git a/cluster_regional.tf b/cluster_regional.tf
index 61c2df6b4e..8b6eeb4d1f 100644
--- a/cluster_regional.tf
+++ b/cluster_regional.tf
@@ -33,6 +33,8 @@ resource "google_container_cluster" "primary" {
 logging_service = "${var.logging_service}"
 monitoring_service = "${var.monitoring_service}"
+ master_authorized_networks_config = "${var.master_authorized_networks_config}"
+
 addons_config {
 http_load_balancing {
 disabled = "${var.http_load_balancing ? 0 : 1}"
diff --git a/cluster_zonal.tf b/cluster_zonal.tf
index 053fcde549..c506558da4 100644
--- a/cluster_zonal.tf
+++ b/cluster_zonal.tf
@@ -33,6 +33,8 @@ resource "google_container_cluster" "zonal_primary" {
 logging_service = "${var.logging_service}"
 monitoring_service = "${var.monitoring_service}"
+ master_authorized_networks_config = "${var.master_authorized_networks_config}"
+
 addons_config {
 http_load_balancing {
 disabled = "${var.http_load_balancing ? 0 : 1}"
diff --git a/outputs.tf b/outputs.tf
index d74cdbcb31..f979f1ab8c 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -58,6 +58,10 @@ output "logging_service" {
 output "monitoring_service" {
 description = "Monitoring service used"
 value = "${local.cluster_monitoring_service}"
+
+output "master_authorized_networks_config" {
+ description = "Networks from which access to master is permitted"
+ value = "${var.master_authorized_networks_config}"
 }
 output "master_version" {
diff --git a/variables.tf b/variables.tf
index 643fcbf0e9..6dc411e644 100644
--- a/variables.tf
+++ b/variables.tf
@@ -65,6 +65,12 @@ variable "node_version" {
 default = ""
 }
+variable "master_authorized_networks_config" {
+ description = "The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists)."
+ type = "list"
+ default = []
+}
+
 variable "horizontal_pod_autoscaling" {
 description = "Enable horizontal pod autoscaling addon"
 default = false
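Review bot: The new `master_authorized_networks_config` argument in cluster_regional.tf is set from the raw list variable with nothing at the call site saying what an empty list does, and the identical line in cluster_zonal.tf has the same gap. When the list is empty, presumably no block reaches the provider and the master endpoint is not limited by source address, which is the case a reviewer of a cluster definition most needs to see. I would add a comment above the line in both files, such as `# [] => authorized networks not configured; master endpoint is not restricted by source IP`. The resource body continues outside the hunk in both files.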
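Review bot: In outputs.tf, `output "monitoring_service"` loses its closing brace. The added lines begin directly after its `value` line, and the only `}` that follows now closes the new `master_authorized_networks_config` output. As the hunk reads (the line counts in its header agree), the new block ends up nested inside the old one and the file should fail to parse. The fix is to make `}` the first added line, ahead of the blank line, so the existing output is closed before the new one opens.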
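Review bot: In variables.tf the default of `[]` leaves master authorized networks unconfigured, but the description only explains how to lock access down, so a reader can wrongly assume the default is restrictive. As far as the provider's documented behaviour goes, a cluster with no such block accepts connections to the master endpoint from any source address. I would say so in the description, for example by appending `Defaults to [] which leaves authorized networks disabled, so the master endpoint is not restricted by source address.` Because `type = "list"` does not constrain the element shape, the description should also name the expected keys so a malformed entry is caught in review rather than at apply time.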