Refactor GKE cluster modules access configurations, add support for DNS endpoint (#2761)

* stub * gke standard module and tests * blueprints * tfdoc * autopilot * blueprints * tfdoc * gke hub module examples * dataproc and gke fixture
2024-12-12 11:02:24 +01:00
parent d59d182456
commit d86b8d565c
31 changed files with 1143 additions and 381 deletions
--- a/blueprints/secops/secops-gke-forwarder/main.tf
+++ b/blueprints/secops/secops-gke-forwarder/main.tf
@@ -61,6 +61,11 @@ module "chronicle-forwarder" {
  name                = var.chronicle_forwarder.cluster_name
  location            = var.region
  deletion_protection = false
+  access_config = {
+    ip_access = {
+      authorized_ranges = var.chronicle_forwarder.master_authorized_ranges
+    }
+  }
  vpc_config = {
    network    = var.network_config.network_self_link
    subnetwork = var.network_config.subnet_self_link
@@ -68,12 +73,6 @@ module "chronicle-forwarder" {
      pods     = "pods"
      services = "services"
    }
-    master_ipv4_cidr_block   = var.network_config.ip_range_gke_master
-    master_authorized_ranges = var.chronicle_forwarder.master_authorized_ranges
-  }
-  private_cluster_config = {
-    enable_private_endpoint = true
-    master_global_access    = true
  }
  enable_features = {
    gateway_api = true
@@ -100,4 +99,4 @@ module "chronicle-forwarder-deployment" {
  source     = "./secops-forwarder-deployment"
  depends_on = [module.chronicle-forwarder]
  tenants    = var.tenants
-}
+}