From 78c54287bd7bc456315daab4107de89fc4423022 Mon Sep 17 00:00:00 2001 From: Janos Lenart Date: Fri, 30 Mar 2018 18:10:25 +0100 Subject: [PATCH] Adding private_cluster (#1250) * Updated google.golang.org/api/container/v1beta1 * Added support for private_cluster and master_ipv4_cidr This is to implement #1174. See https://groups.google.com/forum/#!topic/google-cloud-sdk-announce/GGW3SQSANIc * Added simple test for private_cluster and master_ipv4_cidr * Review replies * Added some documentation for private_cluster --- docs/r/container_cluster.html.markdown | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/r/container_cluster.html.markdown b/docs/r/container_cluster.html.markdown index 6218b0a7578..a000ea5b17d 100644 --- a/docs/r/container_cluster.html.markdown +++ b/docs/r/container_cluster.html.markdown @@ -117,6 +117,10 @@ output "cluster_ca_certificate" { for master authorized networks. Omit the nested `cidr_blocks` attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). +* `master_ipv4_cidr_block` - (Optional, [Beta](/docs/providers/google/index.html#beta-features)) Specifies a private + [RFC1918](https://tools.ietf.org/html/rfc1918) block for the master's VPC. The master range must not overlap with any subnet in your cluster's VPC. + The master and your cluster use VPC peering. Must be specified in CIDR notation and must be `/28` subnet. + * `min_master_version` - (Optional) The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only `master_version` field to obtain that. 
@@ -152,6 +156,11 @@ output "cluster_ca_certificate" { [PodSecurityPolicy](https://cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies) feature. Structure is documented below. +* `private_cluster` - (Optional, [Beta](/docs/providers/google/index.html#beta-features)) If true, a + [private cluster](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters) will be created, which makes + the master inaccessible from the public internet and nodes do not get public IP addresses either. It is mandatory to specify + `master_ipv4_cidr_block` and `ip_allocation_policy` with this option. + * `project` - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
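Review bot: in the first hunk (`@@ -117,6 +117,10 @@`), the `master_ipv4_cidr_block` entry never says that the range is only used, and is required, when `private_cluster` is true, even though the second hunk states exactly that from the other side; add a cross-reference such as "Only used when `private_cluster` is true, and required in that case." so a reader landing on this argument alone knows when to set it. The last sentence also needs an article and reads better joined to the peering statement: "The master and your cluster use VPC peering. Must be specified in CIDR notation and must be a `/28` subnet." Finally, "a private RFC1918 block for the master's VPC" leaves unclear whose VPC is meant; the hunk's own "must not overlap with any subnet in your cluster's VPC" implies the master lives in a separate, peered network, so say "for the master's network, which is peered to your cluster's VPC".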
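Review bot: in the second hunk (`@@ -152,6 +156,11 @@`), the `private_cluster` description says the master becomes "inaccessible from the public internet", but the `master_authorized_networks_config` text visible in the first hunk's context says that omitting the nested `cidr_blocks` is what disallows external access; state how the two settings interact for a private cluster (whether `master_authorized_networks_config` is still honoured or required) so readers do not assume setting one makes the other irrelevant. The sentence "which makes the master inaccessible from the public internet and nodes do not get public IP addresses either" is ungrammatical as a relative clause; suggest "which makes the master inaccessible from the public internet and gives the nodes no public IP addresses". The "It is mandatory to specify `master_ipv4_cidr_block` and `ip_allocation_policy` with this option." sentence should also say where that requirement is enforced: the commit message mentions a simple test, but this patch carries only documentation, so note whether the provider rejects a plan that omits them or whether the failure surfaces from the API at apply time.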