diff --git a/examples/gke-serverless/multitenant-fleet/README.md b/examples/gke-serverless/multitenant-fleet/README.md
index c1ae7476f..a4d6382c4 100644
--- a/examples/gke-serverless/multitenant-fleet/README.md
+++ b/examples/gke-serverless/multitenant-fleet/README.md
@@ -140,9 +140,9 @@ fleet_features = {
| [clusters](variables.tf#L61) | | map(object({…})) | ✓ | | |
| [folder_id](variables.tf#L163) | Folder used for the GKE project in folders/nnnnnnnnnnn format. | string | ✓ | | |
| [nodepools](variables.tf#L206) | | map(map(object({…}))) | ✓ | | |
-| [prefix](variables.tf#L223) | Prefix used for resources that need unique names. | string | ✓ | | |
-| [project_id](variables.tf#L228) | ID of the project that will contain all the clusters. | string | ✓ | | |
-| [vpc_config](variables.tf#L240) | Shared VPC project and VPC details. | object({…}) | ✓ | | |
+| [prefix](variables.tf#L236) | Prefix used for resources that need unique names. | string | ✓ | | |
+| [project_id](variables.tf#L241) | ID of the project that will contain all the clusters. | string | ✓ | | |
+| [vpc_config](variables.tf#L253) | Shared VPC project and VPC details. | object({…}) | ✓ | | |
| [authenticator_security_group](variables.tf#L21) | Optional group used for Groups for GKE. | string | | null | |
| [cluster_defaults](variables.tf#L32) | Default values for optional cluster configurations. | object({…}) | | {…} | |
| [dns_domain](variables.tf#L94) | Domain name used for clusters, prefixed by each cluster name. Leave null to disable Cloud DNS for GKE. | string | | null | |
@@ -154,7 +154,8 @@ fleet_features = {
| [iam](variables.tf#L175) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | |
| [labels](variables.tf#L182) | Project-level labels. | map(string) | | {} | |
| [nodepool_defaults](variables.tf#L188) | | object({…}) | | {…} | |
-| [project_services](variables.tf#L233) | Additional project services to enable. | list(string) | | [] | |
+| [peering_config](variables.tf#L223) | Configure peering with the control plane VPC. Requires compute.networks.updatePeering. Set to null if you don't want to update the default peering configuration. | object({…}) | | {…} | |
+| [project_services](variables.tf#L246) | Additional project services to enable. | list(string) | | [] | |
## Outputs
diff --git a/examples/gke-serverless/multitenant-fleet/gke-clusters.tf b/examples/gke-serverless/multitenant-fleet/gke-clusters.tf
index f94039dc5..8e04d780b 100644
--- a/examples/gke-serverless/multitenant-fleet/gke-clusters.tf
+++ b/examples/gke-serverless/multitenant-fleet/gke-clusters.tf
@@ -73,12 +73,9 @@ module "gke-cluster" {
logging_config = ["SYSTEM_COMPONENTS", "WORKLOADS"]
monitoring_config = ["SYSTEM_COMPONENTS", "WORKLOADS"]
- # if you don't have compute.networks.updatePeering in the host
- # project, comment the next lines and ask your network admin to
- # create the peering for you
- peering_config = {
- export_routes = true
- import_routes = false
+ peering_config = var.peering_config == null ? null : {
+ export_routes = var.peering_config.export_routes
+ import_routes = var.peering_config.import_routes
project_id = var.vpc_config.host_project_id
}
resource_usage_export_config = {
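Review bot: The `peering_config` block loses the only guidance that sat next to the setting: that the permission is needed in the host project, and that a network admin can configure the peering when the caller lacks it. Because `project_id` is still `var.vpc_config.host_project_id` and the variable's default is non-null, a default apply still needs `compute.networks.updatePeering` there. I would keep a one-line comment above the argument, for example `# needs compute.networks.updatePeering in the host project; set var.peering_config to null and have a network admin manage the peering otherwise`. The enclosing `module "gke-cluster"` block starts and ends outside this hunk.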
@@ -116,5 +113,4 @@ module "gke-cluster" {
# memory_max = each.value.cluster_autoscaling.memory_max
# }
# }
-
}
diff --git a/examples/gke-serverless/multitenant-fleet/variables.tf b/examples/gke-serverless/multitenant-fleet/variables.tf
index 2354b136d..37138c379 100644
--- a/examples/gke-serverless/multitenant-fleet/variables.tf
+++ b/examples/gke-serverless/multitenant-fleet/variables.tf
@@ -220,6 +220,19 @@ variable "nodepools" {
})))
}
+variable "peering_config" {
+ description = "Configure peering with the control plane VPC. Requires compute.networks.updatePeering. Set to null if you don't want to update the default peering configuration."
+ type = object({
+ export_routes = bool
+ import_routes = bool
+ })
+ default = {
+ export_routes = true
+ // TODO(jccb) is there any situation where the control plane VPC would export any routes?
+ import_routes = false
+ }
+}
+
variable "prefix" {
description = "Prefix used for resources that need unique names."
type = string
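Review bot: The `description` of `peering_config` says the setting requires `compute.networks.updatePeering` but not on which project. The caller in gke-clusters.tf passes `var.vpc_config.host_project_id`, so the text could read `Requires compute.networks.updatePeering on the Shared VPC host project.`, which tells operators where to grant the role. The default keeps `export_routes = true`, so the permission is needed unless the caller opts out with `null`; if least privilege matters more than backward compatibility here, a `null` default is worth considering. On style, the TODO uses `//` while the comments visible in gke-clusters.tf use `#`; I would write it as `# TODO(jccb) ...` for consistency.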
diff --git a/fast/stages/03-gke-multitenant/dev/README.md b/fast/stages/03-gke-multitenant/dev/README.md
index f7eea314d..969828616 100644
--- a/fast/stages/03-gke-multitenant/dev/README.md
+++ b/fast/stages/03-gke-multitenant/dev/README.md
@@ -92,7 +92,7 @@ Leave all these variables unset (or set to `null`) to disable fleet management.
## Running Terraform
-Once the [providers](#providers-configuration) and [variable](#variable-configuration) configuration is complete, you can apply this stage:
+Once the [provider](#providers-configuration) and [variable](#variable-configuration) configuration is complete, you can apply this stage:
```bash
terraform init