From 2426401f75ae3e86205ef1f8a038fd3a36c44985 Mon Sep 17 00:00:00 2001
From: William Yardley
Date: Fri, 27 Sep 2024 09:56:45 -0700
Subject: [PATCH] fix: ignore control plane network when private endpoint subnet is set

Set `master_ipv4_cidr_block` to `null` when `private_endpoint_subnetwork` is set, as the two conflict.

Fixes #2119
---
 autogen/main/cluster.tf.tmpl | 2 +-
 modules/beta-autopilot-private-cluster/cluster.tf | 2 +-
 modules/beta-private-cluster-update-variant/cluster.tf | 2 +-
 modules/beta-private-cluster/cluster.tf | 2 +-
 modules/private-cluster-update-variant/cluster.tf | 2 +-
 modules/private-cluster/cluster.tf | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
index 80200fe7a2..596aef8236 100644
--- a/autogen/main/cluster.tf.tmpl
+++ b/autogen/main/cluster.tf.tmpl
@@ -597,7 +597,7 @@ resource "google_container_cluster" "primary" {
 content {
 enable_private_endpoint = private_cluster_config.value.enable_private_endpoint
 enable_private_nodes = private_cluster_config.value.enable_private_nodes
- master_ipv4_cidr_block = private_cluster_config.value.master_ipv4_cidr_block
+ master_ipv4_cidr_block = var.private_endpoint_subnetwork == null ? private_cluster_config.value.master_ipv4_cidr_block : null
 private_endpoint_subnetwork = private_cluster_config.value.private_endpoint_subnetwork
 dynamic "master_global_access_config" {
 for_each = var.master_global_access_enabled ? [var.master_global_access_enabled] : []
diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf
index a725060cc9..62cfa46d95 100644
--- a/modules/beta-autopilot-private-cluster/cluster.tf
+++ b/modules/beta-autopilot-private-cluster/cluster.tf
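Review bot: The new condition on `master_ipv4_cidr_block` tests `var.private_endpoint_subnetwork`, while every neighbouring attribute in this `content` block, including `private_endpoint_subnetwork` on the very next line, reads from `private_cluster_config.value`. Testing the value that is actually assigned keeps the two from diverging if the list feeding the dynamic block ever normalises or overrides the variable: `master_ipv4_cidr_block = private_cluster_config.value.private_endpoint_subnetwork == null ? private_cluster_config.value.master_ipv4_cidr_block : null`. A caller who sets both inputs now has the control-plane CIDR dropped with no signal, so anything else that consumes that CIDR (firewall or allow-list rules, if the module derives any from it, which is not visible here) could describe a range the cluster does not use; a comment such as `# conflicts with private_endpoint_subnetwork; the subnetwork takes precedence when both are set` plus a line in the variable description would make the precedence explicit. The same line is changed in the five `modules/*/cluster.tf` hunks that follow, and the enclosing `google_container_cluster` resource starts and ends outside the hunk.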
@@ -295,7 +295,7 @@ resource "google_container_cluster" "primary" {
 content {
 enable_private_endpoint = private_cluster_config.value.enable_private_endpoint
 enable_private_nodes = private_cluster_config.value.enable_private_nodes
- master_ipv4_cidr_block = private_cluster_config.value.master_ipv4_cidr_block
+ master_ipv4_cidr_block = var.private_endpoint_subnetwork == null ? private_cluster_config.value.master_ipv4_cidr_block : null
 private_endpoint_subnetwork = private_cluster_config.value.private_endpoint_subnetwork
 dynamic "master_global_access_config" {
 for_each = var.master_global_access_enabled ? [var.master_global_access_enabled] : []
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf
index f72e09afa1..4ce2398e78 100644
--- a/modules/beta-private-cluster-update-variant/cluster.tf
+++ b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -516,7 +516,7 @@ resource "google_container_cluster" "primary" {
 content {
 enable_private_endpoint = private_cluster_config.value.enable_private_endpoint
 enable_private_nodes = private_cluster_config.value.enable_private_nodes
- master_ipv4_cidr_block = private_cluster_config.value.master_ipv4_cidr_block
+ master_ipv4_cidr_block = var.private_endpoint_subnetwork == null ? private_cluster_config.value.master_ipv4_cidr_block : null
 private_endpoint_subnetwork = private_cluster_config.value.private_endpoint_subnetwork
 dynamic "master_global_access_config" {
 for_each = var.master_global_access_enabled ? [var.master_global_access_enabled] : []
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf
index a4d1fa97a8..76a2ea084d 100644
--- a/modules/beta-private-cluster/cluster.tf
+++ b/modules/beta-private-cluster/cluster.tf
@@ -516,7 +516,7 @@ resource "google_container_cluster" "primary" {
 content {
 enable_private_endpoint = private_cluster_config.value.enable_private_endpoint
 enable_private_nodes = private_cluster_config.value.enable_private_nodes
- master_ipv4_cidr_block = private_cluster_config.value.master_ipv4_cidr_block
+ master_ipv4_cidr_block = var.private_endpoint_subnetwork == null ? private_cluster_config.value.master_ipv4_cidr_block : null
 private_endpoint_subnetwork = private_cluster_config.value.private_endpoint_subnetwork
 dynamic "master_global_access_config" {
 for_each = var.master_global_access_enabled ? [var.master_global_access_enabled] : []
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf
index f857959530..2d2f5ca5f5 100644
--- a/modules/private-cluster-update-variant/cluster.tf
+++ b/modules/private-cluster-update-variant/cluster.tf
@@ -462,7 +462,7 @@ resource "google_container_cluster" "primary" {
 content {
 enable_private_endpoint = private_cluster_config.value.enable_private_endpoint
 enable_private_nodes = private_cluster_config.value.enable_private_nodes
- master_ipv4_cidr_block = private_cluster_config.value.master_ipv4_cidr_block
+ master_ipv4_cidr_block = var.private_endpoint_subnetwork == null ? private_cluster_config.value.master_ipv4_cidr_block : null
 private_endpoint_subnetwork = private_cluster_config.value.private_endpoint_subnetwork
 dynamic "master_global_access_config" {
 for_each = var.master_global_access_enabled ? [var.master_global_access_enabled] : []
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf
index 382e1b8cfd..5f3886a4ff 100644
--- a/modules/private-cluster/cluster.tf
+++ b/modules/private-cluster/cluster.tf
@@ -462,7 +462,7 @@ resource "google_container_cluster" "primary" {
 content {
 enable_private_endpoint = private_cluster_config.value.enable_private_endpoint
 enable_private_nodes = private_cluster_config.value.enable_private_nodes
- master_ipv4_cidr_block = private_cluster_config.value.master_ipv4_cidr_block
+ master_ipv4_cidr_block = var.private_endpoint_subnetwork == null ? private_cluster_config.value.master_ipv4_cidr_block : null
 private_endpoint_subnetwork = private_cluster_config.value.private_endpoint_subnetwork
 dynamic "master_global_access_config" {
 for_each = var.master_global_access_enabled ? [var.master_global_access_enabled] : []