Adding private_cluster (hashicorp#1250)

* Updated google.golang.org/api/container/v1beta1 * Added support for private_cluster and master_ipv4_cidr This is to implement hashicorp#1174. See https://groups.google.com/forum/#!topic/google-cloud-sdk-announce/GGW3SQSANIc * Added simple test for private_cluster and master_ipv4_cidr * Review replies * Added some documentation for private_cluster
chrisst · Mar 30, 2018 · 78c5428 · 78c5428
1 parent 4a06fd2
commit 78c5428
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/docs/r/container_cluster.html.markdown b/docs/r/container_cluster.html.markdown
@@ -117,6 +117,10 @@ output "cluster_ca_certificate" {
     for master authorized networks. Omit the nested `cidr_blocks` attribute to disallow
     external access (except the cluster node IPs, which GKE automatically whitelists).
 
+* `master_ipv4_cidr_block` - (Optional, [Beta](/docs/providers/google/index.html#beta-features)) Specifies a private
+    [RFC1918](https://tools.ietf.org/html/rfc1918) block for the master's VPC. The master range must not overlap with any subnet in your cluster's VPC.
+    The master and your cluster use VPC peering. Must be specified in CIDR notation and must be `/28` subnet.
+
 * `min_master_version` - (Optional) The minimum version of the master. GKE
     will auto-update the master to new versions, so this does not guarantee the
     current master version--use the read-only `master_version` field to obtain that.
@@ -152,6 +156,11 @@ output "cluster_ca_certificate" {
     [PodSecurityPolicy](https://cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies) feature.
     Structure is documented below.
 
+* `private_cluster` - (Optional, [Beta](/docs/providers/google/index.html#beta-features)) If true, a
+    [private cluster](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters) will be created, which makes
+    the master inaccessible from the public internet and nodes do not get public IP addresses either. It is mandatory to specify
+    `master_ipv4_cidr_block` and `ip_allocation_policy` with this option.
+
 * `project` - (Optional) The ID of the project in which the resource belongs. If it
     is not provided, the provider project is used.