epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-02-28 09:39:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

terraform/gcp: Do not create unused subnetworks and Upgrade to latest google provider (#8497)

Browse Source 
* terraform/gcp: Do not create unused subnetworks

By default terraform creates a subnetwork in each 39 regions

* terraform/gcp: Upgrade to latest google provider

... where "one of source_tags, source_ranges, or source_service_accounts must be defined"
This commit is contained in:
Mathieu Parent
2022-02-01 18:14:11 +01:00
committed by GitHub
parent eacd55fbca
commit 958bca8800
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
contrib/terraform/gcp/main.tf
View File

@@ -2,7 +2,7 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = "~> 3.48" version = "~> 4.0"
} }
} }
} }

8
contrib/terraform/gcp/modules/kubernetes-cluster/main.tf
View File

@@ -5,6 +5,8 @@
resource "google_compute_network" "main" { resource "google_compute_network" "main" {
name = "${var.prefix}-network" name = "${var.prefix}-network"
auto_create_subnetworks = false
} }
resource "google_compute_subnetwork" "main" { resource "google_compute_subnetwork" "main" {
@@ -20,6 +22,8 @@ resource "google_compute_firewall" "deny_all" {
priority = 1000 priority = 1000
source_ranges = ["0.0.0.0/0"]
deny { deny {
protocol = "all" protocol = "all"
} }
@@ -86,6 +90,8 @@ resource "google_compute_firewall" "ingress_http" {
priority = 100 priority = 100
source_ranges = ["0.0.0.0/0"]
allow { allow {
protocol = "tcp" protocol = "tcp"
ports = ["80"] ports = ["80"]
@@ -98,6 +104,8 @@ resource "google_compute_firewall" "ingress_https" {
priority = 100 priority = 100
source_ranges = ["0.0.0.0/0"]
allow { allow {
protocol = "tcp" protocol = "tcp"
ports = ["443"] ports = ["443"]