Add LEAP hub

Ref 2i2c-org#1050
yuvipanda · Mar 9, 2022 · 93aba4e · 93aba4e
1 parent 61b89c0
commit 93aba4e
Show file tree

Hide file tree

Showing 9 changed files with 264 additions and 5 deletions.
diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml
@@ -45,6 +45,8 @@ jobs:
             provider: gcp
           - cluster_name: pangeo-hubs
             provider: gcp
+          - cluster_name: leap
+            provider: gcp
           - cluster_name: utoronto
             provider: kubeconfig
           - cluster_name: azure.carbonplan

diff --git a/config/clusters/leap/cluster.yaml b/config/clusters/leap/cluster.yaml
@@ -0,0 +1,29 @@
+name: pangeo-hubs
+provider: gcp
+gcp:
+  key: enc-deployer-credentials.secret.json
+  project: leap-pangeo
+  cluster: leap-cluster
+  zone: us-central1-b
+support:
+  helm_chart_values_files:
+    - support.values.yaml
+hubs:
+  - name: staging
+    display_name: "LEAP Staging"
+    domain: staging.leap.2i2c.cloud
+    helm_chart: daskhub
+    auth0:
+      enabled: false
+    helm_chart_values_files:
+      - common.values.yaml
+      - enc-staging.secret.values.yaml
+  - name: prod
+    display_name: "LEAP Prod"
+    domain: leap.2i2c.cloud
+    helm_chart: daskhub
+    auth0:
+      enabled: false
+    helm_chart_values_files:
+      - common.values.yaml
+      - enc-prod.secret.values.yaml
diff --git a/config/clusters/leap/common.values.yaml b/config/clusters/leap/common.values.yaml
@@ -0,0 +1,125 @@
+basehub:
+  nfs:
+    enabled: true
+    pv:
+      mountOptions:
+        - soft
+        - noatime
+      # Google FileStore IP
+      serverIP: 10.236.154.106
+      # Name of Google Filestore share
+      baseShareName: /homes/
+  jupyterhub:
+    proxy:
+      https:
+        enabled: false
+    custom:
+      2i2c:
+        add_staff_user_ids_to_admin_users: true
+        add_staff_user_ids_of_type: "github"
+      cloudResources:
+        provider: gcp
+        gcp:
+          projectId: leap-pangeo
+        scratchBucket:
+          enabled: false
+      homepage:
+        templateVars:
+          org:
+            name: LEAP
+            url: https://leap-stc.github.io
+            logo_url: https://leap-stc.github.io/_static/LEAP_logo.png
+          designed_by:
+            name: 2i2c
+            url: https://2i2c.org
+          operated_by:
+            name: 2i2c
+            url: https://2i2c.org
+          funded_by:
+            name: LEAP
+            url: https://leap-stc.github.io
+    hub:
+      config:
+        Authenticator:
+          # This hub uses GitHub Teams auth and so we don't set
+          # allowed_users in order to not deny access to valid members of
+          # the listed teams. These people should have admin access though.
+          admin_users:
+            - rabernat
+        JupyterHub:
+          authenticator_class: github
+        GitHubOAuthenticator:
+          allowed_organizations:
+            - pangeo-data:us-central1-b-gcp
+            - 2i2c-org:tech-team
+          scope:
+            - read:org
+    singleuser:
+      image:
+        name: pangeo/pangeo-notebook
+        tag: bcfacc5
+      profileList:
+        # The mem-guarantees are here so k8s doesn't schedule other pods
+        # on these nodes. They need to be just under total allocatable
+        # RAM on a node, not total node capacity
+        - display_name: "Small (1 GB - 4 GB)"
+          default: true
+          kubespawner_override:
+            cpu_limit: 2
+            cpu_guarantee: 0.3
+            mem_limit: 4G
+            mem_guarantee: 1G
+            node_selector:
+              node.kubernetes.io/instance-type: n1-standard-4
+        - display_name: "Medium (4 GB - 8 GB)"
+          kubespawner_override:
+            cpu_limit: 2
+            cpu_guarantee: 1
+            mem_limit: 8G
+            mem_guarantee: 4G
+            node_selector:
+              node.kubernetes.io/instance-type: n1-standard-8
+        - display_name: "Large (12 GB - 16 GB)"
+          kubespawner_override:
+            cpu_limit: 4
+            cpu_guarantee: 1
+            mem_limit: 16G
+            mem_guarantee: 12G
+            node_selector:
+              node.kubernetes.io/instance-type: n1-standard-16
+        - display_name: "ML Image - Large (12 GB - 16 GB)"
+          description: "https://github.com/pangeo-data/pangeo-docker-images/tree/master/ml-notebook"
+          kubespawner_override:
+            image: "pangeo/ml-notebook:master"
+            cpu_limit: 2
+            cpu_guarantee: 1
+            mem_limit: 16G
+            mem_guarantee: 12G
+            node_selector:
+              node.kubernetes.io/instance-type: n1-standard-16
+      initContainers:
+        # Need to explicitly fix ownership here, since EFS doesn't do anonuid
+        - name: volume-mount-ownership-fix
+          image: busybox
+          command:
+            [
+              "sh",
+              "-c",
+              "id && chown 1000:1000 /home/jovyan && ls -lhd /home/jovyan",
+            ]
+          securityContext:
+            runAsUser: 0
+          volumeMounts:
+            - name: home
+              mountPath: /home/jovyan
+              subPath: "{username}"
+dask-gateway:
+  gateway:
+    backend:
+      scheduler:
+        cores:
+          request: 0.8
+          limit: 1
+        memory:
+          request: 1G
+          limit: 2G
diff --git a/config/clusters/leap/enc-deployer-credentials.secret.json b/config/clusters/leap/enc-deployer-credentials.secret.json
@@ -0,0 +1,30 @@
+{
+	"type": "ENC[AES256_GCM,data:bXgwRCCuUFr4lQ2E2SNY,iv:s2f8CNR1otvSWHZjBoPU0g0edG9Z1oxp4DR19P3nFcM=,tag:8uaIHlomCatJ3nO94vm+Xg==,type:str]",
+	"project_id": "ENC[AES256_GCM,data:XD/SgAyoYBTSryM=,iv:V8+bdV7rBHqQwOweAD7NpTuFlx59MXFfXyIKZfmy0C0=,tag:YuEn+Nx9FoyU5Mz/othl4g==,type:str]",
+	"private_key_id": "ENC[AES256_GCM,data:RyEVnVqgxNZ1oxHlKAea36r6dSlaqehJJQCNpg4k675vfD8s3oxAYA==,iv:UidkTYHW7UYhVIeLCemr6TfqQlFXstg677iSXkfO6vo=,tag:Yv2f+19B6sKkMZmNuMBm4A==,type:str]",
+	"private_key": "ENC[AES256_GCM,data:W4ZRkRTfkiaAkXjXOPrrmJlnucwrOvCd6yf3KIr7dTQO3vyQSt/sIcLQWx7T7g3G7F337WUC9M9pXB+ubCxvkBnhetcfLldMhCZMeJaHfDnGx6Ym9sN6BfvkevsCIR+bDnS+ErLEXiMz6YL7KmGijY7OHoV8N0nRzpSDLq9biIjaPt2374lw2NYe+620R32+PNVE1gqkctgWwwIr8ASOhFbMVa643JH7H+Mstc1Nb1pdhXMi4ny0gTeceNV02Tp5YSGQRXLzyc122Z8K/4ziehjTGvwrFr/eUzUlyq4jX9d03T8rxKsXTyXG/PxWWj+WUpF8+dkU8M56pXSAJ19ZcrOwrkeIl5pit/nAJOJuyHh8bB+CrW/bCwQPWcGg6W3INl89S9MdEALPieDPpHXqA+/8ZQc99sAxGhzJ2v55PkX6FY5fN8qqgjj2lFze3Ng3IjqL+2t/qMF+h2GddWXp0axTvArjONhhzeWcUqZxCa7TlqWf960ZtLkRTKm3NCYbq1pqFcLQl8BdpNTeliIXypKSENB9wWRwCybX5U1jryuIolhBBQXHa+Qm92z4kpAIUX3Y9aL5vuS1MRkQnIg30lwyR4Dd48QUElWBLAc0aKbXcbJDchAnufq1yRfPnA1z6Zi0g2AqV1YFQfQ0dVqDm6xUegE4PUkFQPHXoGvmK12YZpTDyNr/h3LXGU/KUJA89LNhdbW1KyPepKqcMYwa5lIsSwAJ4il+FDAtyRPG29sRWbNljKA8qCtMLpQsfFoDE+W4KlzWcSpCvU+8s1fbYxiZ8Wf0nxat8CSC2ZTnoMtHJjHvfYit9QBUIKKCNMGTk6SMincBzqL7BlVqJcRS2QQLcCLdkwS/TOZ/yR/12kSZyNr412QC9yKfS/T0OYS7G6MS0BOwDDHKdGHckkFijoXUV4A/tYOH1F6rkauORZSTsVhNz1aVRG5J253e5TxD3M9O8qhCSyadiWJW2vIyP48Sj+sI5Ppp7ydZYRNfCjQp9VqlRidrQm1LXvbDfimEz0YCYKDba3j60/twUTLSnP2aZ0raetFYj4rUKGmlHo2gwpX/zg57Atfc0GUpkj9x/OIA8g9hSz1b5vDT+XweOoLRu72a0XJoL61XGFcp1lrDiz9tSTYi2s4oqLdOQCl2AJmwwUTg0OEeu1vlU7HupakbMRiyzt011o/roFtZj9AESS61r3LVKDXnIBCnRAOlD98sNaHQp/Lg/v0+DwDTlIK3FiqOPDFiOTxvnWdgs5iwY0600fOzpDa5yuBGrbJ2LIHA7KnPyompkXBk7R0WhvIPZE50x+fCuO+Rn96NCnICmBuYucmrNvNIccRz2nfxKCgeyaDGJkFnD0Qwuq4yhVuRe0PAadXrXCdauAuDEhDFJr4j/VkVD3t88ijkSf8he+XC962qi9FanjbSnqZUK1osh30m+cMb2UeVFKIORMoNeXW6vd4sCFOoNCPSlIXckms8b6R14sOrfMZd+g5w/L0I6mhJ04G1FNN6wvD5F6PTa1g/8NgQwxx4ymRtcHq1EoIUZWDauKDEJzMgGXGwzjHOJ5yuoPTzPqunSrYZowAjX+XsHq0YwuAZuza2NyEB1PNPOYHEem2iJRGVIbfnnKWUuGCg378azKnbojwQ6s1dUtUlnSaBkbipgRd+mAuc418vfjljDqEjOvSf6kfV3pKXjTWQlOJJn5YOXYonjsKe9jG5H7HW+QnZpteCT5KtrTpeBjs26R+9frm/+WMUGZJMsDtB1NvgC14MXoS8gh+6DtVXyRG0e8cGK0ICCWzbNB7s09sG8/AZ9EaecUW7ou4SLQg58fqKGXx80VUl7N8Ud0j+WyhlCSbqmm78PL86g64NW4K4ltG9+wxkihiShfxZ+/mJvnwObu3y0nBhzz2ebhQ+gAN6A+sljTXaSQ7RkHWIy1RMVRKW0j37cqlhUUbMykUqo5O5O3QZCzDN7zTQIKugRbeOCx4IPyzSObsmXxG8ebhqWCwqPZgJHJa9dJWli1YEYn7/6Z0Ll/MAAC/oPZkFz0b6/wI1UkuhwhXpOqBvnhYSh5n1kUZ2RdNds02UUkU5rbAviW4519zITFMQ0TpfeZK18VsXha5myG4exzwlP5IIHUqGx/5JD/RfNQ8cRJ2tZKZcWq6QgVsJERtP7iMHIUndofwTbNT5VPC9Y5qHbwnlQziyRtFAqKU+kvoDVi2L9607lFUlrRD3Mt+dUTL9zPSi3qrGgQHw9HQMeI+k2ZdZoQm3fata5VPL0419eb8xivSq,iv:EgD4FRnPUx3eF7lO7mrfjYmmx1QxfGYi5PYbbFh0E/A=,tag:aTr3QIHfxhtdovqFj2R23g==,type:str]",
+	"client_email": "ENC[AES256_GCM,data:1pYHCwTtM2blwTR0PYzRdZxEAcigHYc+dFI0o6H3NfV4Gdp2BI9tSxGsoPxFhg==,iv:XQ9uTRrFoN7DSa1X7lYv89k2uY2o+dOh9MYC6VRkCrc=,tag:nTi4NKlTJn1X8OW55m5rxA==,type:str]",
+	"client_id": "ENC[AES256_GCM,data:U6WS704VI9XtGpPqfm9lxWR3Q7Mi,iv:/xvGuEGfsJcWxqTW2Z9JJSamJ5vrKIJhpkonB+IRDrI=,tag:yBgTt0CgdCmcIvtgiSs5yg==,type:str]",
+	"auth_uri": "ENC[AES256_GCM,data:0qByuvHwcpGgzitfrLq1BF+fYbvPaw0GSLgV9ap6UeVW2Obi30SAyEg=,iv:Su94WLXfURaDcYS6kfq3pNScwcmvVOIHEQmr4nL0m+U=,tag:36JEZaLat0pIabEE9+7HUw==,type:str]",
+	"token_uri": "ENC[AES256_GCM,data:VopsA3EwGJMYx9e9aGln1JQpYbpNw13z1yT7e92VsjdLYfw=,iv:LmpzRcY2tZVspy7CYMMnORybq9zwcgNRCeCuFyKGV5E=,tag:d2VfyqSA+FpQgCF68lp3Hw==,type:str]",
+	"auth_provider_x509_cert_url": "ENC[AES256_GCM,data:XctyK5UvsjLXpDf2nuvHrrPb6Xeof80vd4voZTT4lHj1PqScsFxCQx0h,iv:kwvSoStJdIUbMJasX6r0i0Ahh5vWdbKQdfgNNAfApso=,tag:+mWUAoiF/K8sS/bWRxQBpg==,type:str]",
+	"client_x509_cert_url": "ENC[AES256_GCM,data:8X40APDF+qU0QxB/fAl9d3QEK+xV+nadmiEGXWeDVUwWhfHDvKGfmxhQpuq9Jlezh78ZJqk582gji9zbk76jj96MKsDpCTLxVk0afc2kAHhfdWyZr3rWCsApZx1bsJx6Jzs=,iv:86Y1ykaCpyF+GASy9V+wxfmagZgIjFcUqO+f+IV7wuw=,tag:gSHMz9BeGIpMrufCeLoKvA==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": [
+			{
+				"resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs",
+				"created_at": "2022-03-09T10:01:06Z",
+				"enc": "CiQA4OM7eL+21cxRUstcvIlnsMZrFbLDsiQpXe8XPMnIpbe033ISSADm5XgWSJUtlvvXtnkfqnnyCGz/4hSG6Sm1Mb2C713GGAJrg8oILKXAhrQn7Grp9Ayi48nhjXLltdNRBdEJWkLVv6WvLWcktA=="
+			}
+		],
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": null,
+		"lastmodified": "2022-03-09T10:01:07Z",
+		"mac": "ENC[AES256_GCM,data:R82w7fgEsBoeU/EN4eHS/0IFijn0ts3SjE46/LGpQbb+NtvFf4ynmvp7GOpbV03J9GgWpY1vaoREkkrtbNg+CUNLpbHx4Bg2LFz1QFCYuG6NN/7DbunvEQwHZrd1QmA4MX0CsnQzWzrrXSvZw2W8AX1HNeo9bClvdHOBzGlZctQ=,iv:1Vjso4F+eO+gV1gsx+4OMzxh9WEsC5COZaI+LLmC4kU=,tag:b215foOX/93CciksTJCUDA==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.7.1"
+	}
+}
diff --git a/config/clusters/leap/enc-grafana-token.secret.yaml b/config/clusters/leap/enc-grafana-token.secret.yaml
@@ -0,0 +1,15 @@
+grafana_token: ENC[AES256_GCM,data:PBK+VcnU3cq2cVa7nZwJyVdWWwkcsxslGKiH1nhxBpgFEKC8iylsxhEZb5c89Hy15tFxZ4qNfCOZ4ztwrIVsCQ==,iv:Y+KqfLhpJvgYBw/6IP9Rg3w+qbnS1amvBf2QgFvPx/U=,tag:owkBbmy0W6bUbqtIJepOqg==,type:str]
+sops:
+    kms: []
+    gcp_kms:
+        - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
+          created_at: "2022-02-24T17:56:52Z"
+          enc: CiQA4OM7eA1jS3a2zwDnUXuczQfvJW5u9Zp3QHRgCZjXk1ha/P4SSQDm5XgWif8sOYLkjo9k+hTKISv4PddEGATlvRChHeNZREfg2nreeDYujK6tOdiXplp8Yzv+uWxnxxUvlYPbhvReCDgmuEKLGI0=
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2022-03-09T09:29:33Z"
+    mac: ENC[AES256_GCM,data:ymz/1FyIv7KwvB46+NBBEsDLncBSh1b5NNxRrAxgIq7leOWBjHWkrh7kwWBGc5i2dIHsZ39VhG/AHZLZtXlp0ef9+JZyHUcejCLl2aOSbNB+6CqPLLh1ps63bUQYiKB7D7hec//hRMAu+CyT9UHYJkhj4jHT+hMtRgou800LcWA=,iv:6qzJEV9ktMy7jLoHDeAKFjh2CkGgMq7Go6P7+/3NFOo=,tag:s/xCYa0ttNl4yOJDGTy53g==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.1
diff --git a/config/clusters/leap/enc-prod.secret.values.yaml b/config/clusters/leap/enc-prod.secret.values.yaml
@@ -0,0 +1,22 @@
+basehub:
+    jupyterhub:
+        hub:
+            config:
+                GitHubOAuthenticator:
+                    client_id: ENC[AES256_GCM,data:auopWrLSGIBDtQ4PrZZMYe5XFWM=,iv:+tzBIkE6R3PfJm7oYyJOq84yyD6tB3GXeQ++sYPU7S8=,tag:vQrhczBhRRaFoqqwRWeGHg==,type:str]
+                    client_secret: ENC[AES256_GCM,data:xLL5GJTKSnucssmIQjVhCUwwXyZaYl54/+QzXPFx0dJpX63kaeJufw==,iv:2cyHZvDaoNQtlKiPKf2ACoNuvlww6WE7vcGG6jVXISI=,tag:IRcogW5ZDZWA6Pv8DyVcPg==,type:str]
+                    oauth_callback_url: ENC[AES256_GCM,data:d+/oCcmELV7Tvfe86P4YH8DCnLHI0yid0WoUWH0IKT022b9Ba/rnptYp,iv:SVHQK5yK26JOHV6uWycsLYUk42g6Kl8RahOf5oMbqxc=,tag:HjT+HYo30qqP5yCKcgVZCQ==,type:str]
+sops:
+    kms: []
+    gcp_kms:
+        - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
+          created_at: "2022-02-24T18:31:21Z"
+          enc: CiQA4OM7eNU4/NC1GSyOypie5mku2r/szfsjQHdxf5CkEib8PWISSQDm5XgWPd3+MJEgP6vyMdkr+5xZCc0MbF1aoNtwLVU/Z9PKOZsw2UgcoYIAHxpoMCm9aC2mS+qZJyq7N5GnR0xxIc3cGMNybVo=
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2022-03-09T09:36:42Z"
+    mac: ENC[AES256_GCM,data:DfmVtvbHRczSN/9KawreI79Hw9rQExWcpu7UJlCgBSxdA05oiEg+sr3Ylv5Qzthn+v0uYMb3pFWWmJrfz2LoY8Rc7HGWRKNTFvgykE/DX7JHyN5MbM6BvQNHGQeCn2Jcu2QhZvQbm5XgY0KOMJu/3y+DZui8NR2BDpXdco+YCl8=,iv:XHeme2xxOHx+zwixzLugknI0lUuhB+nTtwbVjo6bAE0=,tag:5rPqQL/si+x0VREW0LnkoA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.1
diff --git a/config/clusters/leap/enc-staging.secret.values.yaml b/config/clusters/leap/enc-staging.secret.values.yaml
@@ -0,0 +1,22 @@
+basehub:
+    jupyterhub:
+        hub:
+            config:
+                GitHubOAuthenticator:
+                    client_id: ENC[AES256_GCM,data:+AMr1i/FBcFuMHVbLXf7dqfvsWc=,iv:6SyzEQjAgag1ReUANQpKpqzbkZQzXXgztqYY+keuC14=,tag:IfcPSe5+GaSDkFM7lqIemg==,type:str]
+                    client_secret: ENC[AES256_GCM,data:wn3bphxQWosKZC596MSVHiNt0d1BuRmR19YX/FK9mcdmvO1IswQVpQ==,iv:cm2FGIjpXnjOHMUnuGeB1WYAjozErtuYSx99737vtVw=,tag:ZBNPrQCPqGiz+ttCNIE/Ag==,type:str]
+                    oauth_callback_url: ENC[AES256_GCM,data:COFoMWuv8XAmHHHcKh0CohhU63qfTAlRzMVeA0fn9aP7U3KBRuYP6yw/Qh8REDnpgXo=,iv:SL9AE00Gr1VFht9jWIS4ipSX+nAnmii5iNX37l19aTA=,tag:mydwvSO+CjurZF2HkkHe8A==,type:str]
+sops:
+    kms: []
+    gcp_kms:
+        - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
+          created_at: "2022-02-24T18:04:17Z"
+          enc: CiQA4OM7eP6diuWK5cq1WJfLBHrUaMLetApVQYdQJjlOFUKSsHASSQDm5XgW8L7w2ZN+LPLHBMIcfpO6YIBeajtpkKFnTdpRgbhgR7+fb9p4HHT8z3H1U7nwKuOaQPtsXj2e8ZPjWr/2tqy6ramzlhU=
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2022-03-09T09:32:24Z"
+    mac: ENC[AES256_GCM,data:f0GDINNXc/xX4Ir0ayXvfgMeZzdqIekpgNPkOtOX80a09wS2AWWG58g36uf6pQwi+WTgDFnIL8TUPxjt3SVCJhKuKtFWuYQW35h3qwoHcsTD6thKASfQtD3CyJaMAzuZkYQYIqHhCFAYIr9cCruxnbOzCK+1b3I3ScAYyj+dBWo=,iv:LX+hyL5S3djX7UWPo6OZ0/+vuk6Jbx2GDFpvt46K1/I=,tag:LE3GBK1vgRavlN8ol89ruQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.1
diff --git a/config/clusters/leap/support.values.yaml b/config/clusters/leap/support.values.yaml
@@ -0,0 +1,14 @@
+grafana:
+  ingress:
+    hosts:
+      - grafana.leap.2i2c.cloud
+    tls:
+      - secretName: grafana-tls
+        hosts:
+          - grafana.leap.2i2c.cloud
+prometheus:
+  server:
+    resources:
+      limits:
+        cpu: 2
+        memory: 12Gi
diff --git a/terraform/gcp/storage.tf b/terraform/gcp/storage.tf
@@ -1,8 +1,8 @@
 resource "google_filestore_instance" "homedirs" {
 
-  name = "${var.prefix}-homedirs"
-  zone = var.zone
-  tier = var.filestore_tier
+  name    = "${var.prefix}-homedirs"
+  zone    = var.zone
+  tier    = var.filestore_tier
   project = var.project_id
 
   count = var.enable_filestore ? 1 : 0
@@ -19,7 +19,7 @@ resource "google_filestore_instance" "homedirs" {
   }
 
   networks {
-    network    = var.enable_private_cluster ? data.google_compute_network.default_network.name : null
+    network = google_container_cluster.cluster.network
     modes   = ["MODE_IPV4"]
   }
-}
+}