enable toggle for DNS-based GKE endpoint #1363

Merged
Dec 1, 2024
9 changes: 9 additions & 0 deletions terraform/gcp/modules/gke_cluster/cluster.tf
Expand Up @@ -113,6 +113,7 @@ resource "google_container_cluster" "cluster" {
display_name = var.display_name
cidr_block = format("%s/32", var.bastion_ip_address)
}
private_endpoint_enforcement_enabled = var.enable_private_endpoint
}

// Configure the cluster to have private nodes and private control plane access only
Expand All @@ -122,6 +123,14 @@ resource "google_container_cluster" "cluster" {
master_ipv4_cidr_block = var.master_ipv4_cidr_block
}

// Configure the cluster to use DNS endpoint configuration
// https://cloud.google.com/blog/products/containers-kubernetes/new-dns-based-endpoint-for-the-gke-control-plane
control_plane_endpoints_config {
dns_endpoint_config {
allow_external_traffic = var.dns_control_plane_endpoint
}
}

# GKE Dataplane v2 comes with network policy, network policy needs to be disabled to enable dataplane v2.
network_policy {
enabled = var.network_policy_enabled
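Review bot: `allow_external_traffic = var.dns_control_plane_endpoint` in the new `dns_endpoint_config` block ties "enable the DNS endpoint" to "open it to traffic from outside the VPC", and nothing in the hunk constrains who may reach it: the `master_authorized_networks_config` allow-list a few lines up (the bastion `/32` `cidr_block`) applies to the IP endpoints only, and as far as the GKE documentation states, authorized networks are not applied to the DNS-based endpoint, so reachability is then gated by IAM (`container.clusters.connect`) alone. Flipping the toggle therefore moves the control plane from bastion-only network reach to any internet host holding that IAM permission, which deserves a comment at the call site, e.g. `// allow_external_traffic exposes the DNS endpoint outside the VPC; master authorized networks do not apply to it, only IAM does`. Consider splitting the two decisions into separate inputs so the VPC-only DNS endpoint can be adopted without widening exposure. The `google_container_cluster` resource starts and ends outside these hunks, and the `private_cluster_config` that `var.enable_private_endpoint` presumably also feeds is not visible here.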
5 changes: 5 additions & 0 deletions terraform/gcp/modules/gke_cluster/outputs.tf
Expand Up @@ -25,6 +25,11 @@ output "cluster_endpoint" {
value = google_container_cluster.cluster.endpoint
}

output "cluster_dns_endpoint" {
description = "Cluster DNS endpoint"
value = google_container_cluster.cluster.control_plane_endpoints_config[0].dns_endpoint_config[0].endpoint
}

output "cluster_location" {
description = "Cluster location"
value = google_container_cluster.cluster.location
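Review bot: The description `"Cluster DNS endpoint"` on the new `cluster_dns_endpoint` output does not say that the value is a hostname whose reachability depends on the module's `dns_control_plane_endpoint` input; as far as I can tell the attribute is populated whether or not external traffic is allowed, so a consumer may read the output and assume it is reachable from wherever it runs. Suggest `description = "DNS-based control plane endpoint hostname; reachable from outside the VPC only when dns_control_plane_endpoint is true, and gated by IAM rather than master authorized networks"`. The `[0]` indexing also assumes the `control_plane_endpoints_config` block is always declared, which holds only as long as cluster.tf keeps it unconditional.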
6 changes: 6 additions & 0 deletions terraform/gcp/modules/gke_cluster/variables.tf
Expand Up @@ -231,3 +231,9 @@ variable "oauth_scopes" {
type = list(string)
default = ["https://www.googleapis.com/auth/cloud-platform"]
}

variable "dns_control_plane_endpoint" {
description = "enable DNS-based control plane endpoint"
type = bool
default = false
}
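Review bot: The description `"enable DNS-based control plane endpoint"` on `dns_control_plane_endpoint` understates what the variable does: in cluster.tf it is assigned to `dns_endpoint_config.allow_external_traffic`, i.e. it opens the DNS endpoint to traffic from outside the VPC rather than merely enabling it. Because that access is checked by IAM and not by the cluster's master authorized networks, the description should say so, e.g. `description = "Allow traffic from outside the VPC to the DNS-based control plane endpoint. Access is gated by IAM (container.clusters.connect), not by master authorized networks."`. The `false` default is the safe choice and should stay.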
3 changes: 3 additions & 0 deletions terraform/gcp/modules/sigstore/sigstore.tf
Expand Up @@ -154,6 +154,9 @@ module "gke-cluster" {

oauth_scopes = var.gke_oauth_scopes

enable_private_endpoint = var.gke_use_ip_endpoint
dns_control_plane_endpoint = var.gke_use_dns_endpoint

depends_on = [
module.network,
module.bastion,
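Review bot: `enable_private_endpoint = var.gke_use_ip_endpoint` inverts the meaning the variable name advertises: in the gke_cluster hunk of this PR `enable_private_endpoint` feeds `master_authorized_networks_config.private_endpoint_enforcement_enabled` (and, judging by its name, presumably `private_cluster_config.enable_private_endpoint`, which lies outside the visible hunks), so setting `gke_use_ip_endpoint = false` to move to the DNS endpoint would stop enforcing authorized networks on the private endpoint and, if the private_cluster_config wiring is as assumed, re-enable the public IP endpoint — the opposite of turning the IP endpoint off. Disabling the IP-based endpoint is a different knob (`control_plane_endpoints_config.ip_endpoints_config.enabled`, if the provider version in use supports it), and that is what a variable named `gke_use_ip_endpoint` should drive. Until then, keep `enable_private_endpoint` on its own input or add a comment on this line stating that `false` here loosens rather than tightens control-plane exposure, e.g. `# NOTE: false disables the private endpoint / authorized-network enforcement; it does not disable the IP endpoint`. The `module "gke-cluster"` block starts and ends outside the hunk.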
12 changes: 12 additions & 0 deletions terraform/gcp/modules/sigstore/variables.tf
Expand Up @@ -423,3 +423,15 @@ variable "gke_oauth_scopes" {
type = list(string)
default = ["https://www.googleapis.com/auth/cloud-platform"]
}

variable "gke_use_dns_endpoint" {
description = "Use DNS-based control plane endpoint for GKE cluster"
type = bool
default = false
}

variable "gke_use_ip_endpoint" {
description = "Use IP-based control plane endpoint for GKE cluster"
type = bool
default = true
}
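Review bot: The description of `gke_use_ip_endpoint`, `"Use IP-based control plane endpoint for GKE cluster"`, names an effect the variable does not have: in sigstore.tf it is passed as the module's `enable_private_endpoint`, so it governs private-endpoint settings rather than whether an IP endpoint exists. Nothing prevents both toggles being `false`, which with this wiring leaves the IP endpoint reachable under weaker controls rather than yielding a cluster with no endpoint, so the description should state the real effect, e.g. `description = "Sets the gke_cluster module's enable_private_endpoint; does not remove the IP-based endpoint"`. Likewise `gke_use_dns_endpoint` maps onto `allow_external_traffic` for the DNS endpoint, which its description could say outright.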