Skip to content

Commit

Permalink
terraform/gcp: Do not create unused subnetworks and Upgrade to latest…
Browse files Browse the repository at this point in the history 
… google provider (kubernetes-sigs#8497)

* terraform/gcp: Do not create unused subnetworks

By default terraform creates a subnetwork in each 39 regions

* terraform/gcp: Upgrade to latest google provider

... where "one of source_tags, source_ranges, or source_service_accounts must be defined"
  • Loading branch information
@sathieu @LuckySB
sathieu authored and LuckySB committed Jun 29, 2023
1 parent 77511d4 commit 3994ee5
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 1 deletion.
2 changes: 1 addition & 1 deletion contrib/terraform/gcp/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "~> 3.48"
version = "~> 4.0"
}
}
}
Expand Down
8 changes: 8 additions & 0 deletions contrib/terraform/gcp/modules/kubernetes-cluster/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@

resource "google_compute_network" "main" {
name = "${var.prefix}-network"

auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "main" {
Expand All @@ -20,6 +22,8 @@ resource "google_compute_firewall" "deny_all" {

priority = 1000

source_ranges = ["0.0.0.0/0"]

deny {
protocol = "all"
}
Expand Down Expand Up @@ -86,6 +90,8 @@ resource "google_compute_firewall" "ingress_http" {

priority = 100

source_ranges = ["0.0.0.0/0"]

allow {
protocol = "tcp"
ports = ["80"]
Expand All @@ -98,6 +104,8 @@ resource "google_compute_firewall" "ingress_https" {

priority = 100

source_ranges = ["0.0.0.0/0"]

allow {
protocol = "tcp"
ports = ["443"]
Expand Down

0 comments on commit 3994ee5

Please sign in to comment.