terraform-google-modules
diff --git a/‎README.md
Lines changed: 5 additions & 2 deletions b/‎README.md
Lines changed: 5 additions & 2 deletions
diff --git a/‎autogen/README.md
Lines changed: 5 additions & 0 deletions b/‎autogen/README.md
Lines changed: 5 additions & 0 deletions
diff --git a/‎autogen/cluster_regional.tf
Lines changed: 7 additions & 4 deletions b/‎autogen/cluster_regional.tf
Lines changed: 7 additions & 4 deletions
diff --git a/‎autogen/cluster_zonal.tf
Lines changed: 7 additions & 4 deletions b/‎autogen/cluster_zonal.tf
Lines changed: 7 additions & 4 deletions
diff --git a/‎autogen/main.tf
Lines changed: 12 additions & 14 deletions b/‎autogen/main.tf
Lines changed: 12 additions & 14 deletions
diff --git a/‎autogen/outputs.tf
Lines changed: 2 additions & 2 deletions b/‎autogen/outputs.tf
Lines changed: 2 additions & 2 deletions
diff --git a/‎autogen/variables.tf
Lines changed: 7 additions & 2 deletions b/‎autogen/variables.tf
Lines changed: 7 additions & 2 deletions
diff --git a/‎cluster_regional.tf
Lines changed: 5 additions & 4 deletions b/‎cluster_regional.tf
Lines changed: 5 additions & 4 deletions
diff --git a/‎cluster_zonal.tf
Lines changed: 5 additions & 4 deletions b/‎cluster_zonal.tf
Lines changed: 5 additions & 4 deletions
diff --git a/‎main.tf
Lines changed: 12 additions & 13 deletions b/‎main.tf
Lines changed: 12 additions & 13 deletions
diff --git a/‎modules/beta-private-cluster/README.md
Lines changed: 6 additions & 0 deletions b/‎modules/beta-private-cluster/README.md
Lines changed: 6 additions & 0 deletions
diff --git a/‎modules/beta-private-cluster/cluster_regional.tf
Lines changed: 7 additions & 4 deletions b/‎modules/beta-private-cluster/cluster_regional.tf
Lines changed: 7 additions & 4 deletions
diff --git a/‎modules/beta-private-cluster/cluster_zonal.tf
Lines changed: 7 additions & 4 deletions b/‎modules/beta-private-cluster/cluster_zonal.tf
Lines changed: 7 additions & 4 deletions
@@ -116,6 +116,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 |------|-------------|:----:|:-----:|:-----:|
 | basic\_auth\_password | The password to be used with Basic Authentication. | string | `""` | no |
 | basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no |
+| cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | string | `""` | no |
 | description | The description of the cluster | string | `""` | no |
 | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | string | `"true"` | no |
 | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | string | `"true"` | no |
@@ -233,8 +234,10 @@ To more cleanly handle cases where desired functionality would require complex d
 
 The root module is generated by running `make generate`. Changes to this repository should be made in the [`autogen`](/autogen) directory where appropriate.
 
-Note: The correct sequence to update the repo using autogen functionality is the run `make generate && make generate_docs`.  This
-will create the various Terraform files, and then generate the Terraform documentation using `terraform-docs`.
+Note: The correct sequence to update the repo using autogen
+functionality is the run `make generate && make generate_docs`.  This
+will create the various Terraform files, and then generate the
+Terraform documentation using `terraform-docs`.
 
 ## Testing
 
 
@@ -182,6 +182,11 @@ To more cleanly handle cases where desired functionality would require complex d
 
 The root module is generated by running `make generate`. Changes to this repository should be made in the [`autogen`](/autogen) directory where appropriate.
 
+Note: The correct sequence to update the repo using autogen
+functionality is the run `make generate && make generate_docs`.  This
+will create the various Terraform files, and then generate the
+Terraform documentation using `terraform-docs`.
+
 ## Testing
 
 ### Requirements
 
@@ -26,10 +26,10 @@ resource "google_container_cluster" "primary" {
   description = "${var.description}"
   project     = "${var.project_id}"
 
-  region         = "${var.region}"
-  node_locations = ["${coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result))}"]
-
-  network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
+  region            = "${var.region}"
+  node_locations    = ["${coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result))}"]
+  cluster_ipv4_cidr = "${var.cluster_ipv4_cidr}"
+  network           = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
 
   network_policy {
     enabled  = "${var.network_policy}"
@@ -74,6 +74,7 @@ resource "google_container_cluster" "primary" {
       disabled = "${var.network_policy ? 0 : 1}"
     }
     {% if beta_cluster %}
+
     istio_config {
       disabled = "${var.istio ? 0 : 1}"
     }
@@ -114,12 +115,14 @@ resource "google_container_cluster" "primary" {
     }
   }
 {% if private_cluster %}
+
   private_cluster_config {
     enable_private_endpoint = "${var.enable_private_endpoint}"
     enable_private_nodes    = "${var.enable_private_nodes}"
     master_ipv4_cidr_block  = "${var.master_ipv4_cidr_block}"
   }
 {% endif %}
+
   remove_default_node_pool = "${var.remove_default_node_pool}"
 {% if beta_cluster %}
   database_encryption      = ["${var.database_encryption}"]
 
@@ -26,10 +26,10 @@ resource "google_container_cluster" "zonal_primary" {
   description = "${var.description}"
   project     = "${var.project_id}"
 
-  zone           = "${var.zones[0]}"
-  node_locations = ["${slice(var.zones,1,length(var.zones))}"]
-
-  network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
+  zone              = "${var.zones[0]}"
+  node_locations    = ["${slice(var.zones,1,length(var.zones))}"]
+  cluster_ipv4_cidr = "${var.cluster_ipv4_cidr}"
+  network           = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
 
   network_policy {
     enabled  = "${var.network_policy}"
@@ -74,6 +74,7 @@ resource "google_container_cluster" "zonal_primary" {
       disabled = "${var.network_policy ? 0 : 1}"
     }
     {% if beta_cluster %}
+
     istio_config {
       disabled = "${var.istio ? 0 : 1}"
     }
@@ -114,12 +115,14 @@ resource "google_container_cluster" "zonal_primary" {
     }
   }
 {% if private_cluster %}
+
   private_cluster_config {
     enable_private_endpoint = "${var.enable_private_endpoint}"
     enable_private_nodes    = "${var.enable_private_nodes}"
     master_ipv4_cidr_block  = "${var.master_ipv4_cidr_block}"
   }
 {% endif %}
+
   remove_default_node_pool = "${var.remove_default_node_pool}"
 {% if beta_cluster %}
   database_encryption      = ["${var.database_encryption}"]
 
@@ -163,21 +163,19 @@ locals {
   cluster_master_auth_list_layer1 = "${local.cluster_type_output_master_auth[local.cluster_type]}"
   cluster_master_auth_list_layer2 = "${local.cluster_master_auth_list_layer1[0]}"
   cluster_master_auth_map         = "${local.cluster_master_auth_list_layer2[0]}"
-
   # cluster locals
-  cluster_name                = "${local.cluster_type_output_name[local.cluster_type]}"
-  cluster_location            = "${local.cluster_type_output_location[local.cluster_type]}"
-  cluster_region              = "${local.cluster_type_output_region[local.cluster_type]}"
-  cluster_zones               = "${sort(local.cluster_type_output_zones[local.cluster_type])}"
-  cluster_endpoint            = "${local.cluster_type_output_endpoint[local.cluster_type]}"
-  cluster_ca_certificate      = "${lookup(local.cluster_master_auth_map, "cluster_ca_certificate")}"
-  cluster_master_version      = "${local.cluster_type_output_master_version[local.cluster_type]}"
-  cluster_min_master_version  = "${local.cluster_type_output_min_master_version[local.cluster_type]}"
-  cluster_logging_service     = "${local.cluster_type_output_logging_service[local.cluster_type]}"
-  cluster_monitoring_service  = "${local.cluster_type_output_monitoring_service[local.cluster_type]}"
-  cluster_node_pools_names    = "${local.cluster_type_output_node_pools_names[local.cluster_type]}"
-  cluster_node_pools_versions = "${local.cluster_type_output_node_pools_versions[local.cluster_type]}"
-
+  cluster_name                               = "${local.cluster_type_output_name[local.cluster_type]}"
+  cluster_location                           = "${local.cluster_type_output_location[local.cluster_type]}"
+  cluster_region                             = "${local.cluster_type_output_region[local.cluster_type]}"
+  cluster_zones                              = "${sort(local.cluster_type_output_zones[local.cluster_type])}"
+  cluster_endpoint                           = "${local.cluster_type_output_endpoint[local.cluster_type]}"
+  cluster_ca_certificate                     = "${lookup(local.cluster_master_auth_map, "cluster_ca_certificate")}"
+  cluster_master_version                     = "${local.cluster_type_output_master_version[local.cluster_type]}"
+  cluster_min_master_version                 = "${local.cluster_type_output_min_master_version[local.cluster_type]}"
+  cluster_logging_service                    = "${local.cluster_type_output_logging_service[local.cluster_type]}"
+  cluster_monitoring_service                 = "${local.cluster_type_output_monitoring_service[local.cluster_type]}"
+  cluster_node_pools_names                   = "${local.cluster_type_output_node_pools_names[local.cluster_type]}"
+  cluster_node_pools_versions                = "${local.cluster_type_output_node_pools_versions[local.cluster_type]}"
   cluster_network_policy_enabled             = "${local.cluster_type_output_network_policy_enabled[local.cluster_type] ? false : true}"
   cluster_http_load_balancing_enabled        = "${local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] ? false : true}"
   cluster_horizontal_pod_autoscaling_enabled = "${local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] ? false : true}"
 
@@ -112,8 +112,8 @@ output "service_account" {
   description = "The service account to default running nodes as if not overridden in `node_pools`."
   value       = "${local.service_account}"
 }
-
 {% if beta_cluster %}
+
 output "istio_enabled" {
   description = "Whether Istio is enabled"
   value       = "${local.cluster_istio_enabled}"
@@ -124,8 +124,8 @@ output "cloudrun_enabled" {
   value       = "${local.cluster_cloudrun_enabled}"
 }
 {% endif %}
-
 {% if private_cluster %}
+
 output "pod_security_policy_enabled" {
   description = "Whether pod security policy is enabled"
   value       = "${local.cluster_pod_security_policy_enabled}"
 
@@ -251,8 +251,8 @@ variable "service_account" {
   description = "The service account to run nodes as if not overridden in `node_pools`. The default value will cause a cluster-specific service account to be created."
   default     = "create"
 }
-
 {% if private_cluster %}
+
 variable "deploy_using_private_endpoint" {
   description = "(Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment."
   default     = "false"
@@ -273,8 +273,8 @@ variable "master_ipv4_cidr_block" {
   default     = "10.0.0.0/28"
 }
 {% endif %}
-
 {% if beta_cluster %}
+
 variable "istio" {
   description = "(Beta) Enable Istio addon"
   default     = false
@@ -315,3 +315,8 @@ variable "issue_client_certificate" {
   description = "Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive!"
   default     = "false"
 }
+
+variable "cluster_ipv4_cidr" {
+  default     = ""
+  description = "The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR."
+}
@@ -26,10 +26,10 @@ resource "google_container_cluster" "primary" {
   description = "${var.description}"
   project     = "${var.project_id}"
 
-  region         = "${var.region}"
-  node_locations = ["${coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result))}"]
-
-  network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
+  region            = "${var.region}"
+  node_locations    = ["${coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result))}"]
+  cluster_ipv4_cidr = "${var.cluster_ipv4_cidr}"
+  network           = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
 
   network_policy {
     enabled  = "${var.network_policy}"
@@ -100,6 +100,7 @@ resource "google_container_cluster" "primary" {
       service_account = "${lookup(var.node_pools[0], "service_account", local.service_account)}"
     }
   }
+
   remove_default_node_pool = "${var.remove_default_node_pool}"
 }
 
 
@@ -26,10 +26,10 @@ resource "google_container_cluster" "zonal_primary" {
   description = "${var.description}"
   project     = "${var.project_id}"
 
-  zone           = "${var.zones[0]}"
-  node_locations = ["${slice(var.zones,1,length(var.zones))}"]
-
-  network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
+  zone              = "${var.zones[0]}"
+  node_locations    = ["${slice(var.zones,1,length(var.zones))}"]
+  cluster_ipv4_cidr = "${var.cluster_ipv4_cidr}"
+  network           = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
 
   network_policy {
     enabled  = "${var.network_policy}"
@@ -100,6 +100,7 @@ resource "google_container_cluster" "zonal_primary" {
       service_account = "${lookup(var.node_pools[0], "service_account", local.service_account)}"
     }
   }
+
   remove_default_node_pool = "${var.remove_default_node_pool}"
 }
 
 
@@ -128,19 +128,18 @@ locals {
   cluster_master_auth_map         = "${local.cluster_master_auth_list_layer2[0]}"
 
   # cluster locals
-  cluster_name                = "${local.cluster_type_output_name[local.cluster_type]}"
-  cluster_location            = "${local.cluster_type_output_location[local.cluster_type]}"
-  cluster_region              = "${local.cluster_type_output_region[local.cluster_type]}"
-  cluster_zones               = "${sort(local.cluster_type_output_zones[local.cluster_type])}"
-  cluster_endpoint            = "${local.cluster_type_output_endpoint[local.cluster_type]}"
-  cluster_ca_certificate      = "${lookup(local.cluster_master_auth_map, "cluster_ca_certificate")}"
-  cluster_master_version      = "${local.cluster_type_output_master_version[local.cluster_type]}"
-  cluster_min_master_version  = "${local.cluster_type_output_min_master_version[local.cluster_type]}"
-  cluster_logging_service     = "${local.cluster_type_output_logging_service[local.cluster_type]}"
-  cluster_monitoring_service  = "${local.cluster_type_output_monitoring_service[local.cluster_type]}"
-  cluster_node_pools_names    = "${local.cluster_type_output_node_pools_names[local.cluster_type]}"
-  cluster_node_pools_versions = "${local.cluster_type_output_node_pools_versions[local.cluster_type]}"
-
+  cluster_name                               = "${local.cluster_type_output_name[local.cluster_type]}"
+  cluster_location                           = "${local.cluster_type_output_location[local.cluster_type]}"
+  cluster_region                             = "${local.cluster_type_output_region[local.cluster_type]}"
+  cluster_zones                              = "${sort(local.cluster_type_output_zones[local.cluster_type])}"
+  cluster_endpoint                           = "${local.cluster_type_output_endpoint[local.cluster_type]}"
+  cluster_ca_certificate                     = "${lookup(local.cluster_master_auth_map, "cluster_ca_certificate")}"
+  cluster_master_version                     = "${local.cluster_type_output_master_version[local.cluster_type]}"
+  cluster_min_master_version                 = "${local.cluster_type_output_min_master_version[local.cluster_type]}"
+  cluster_logging_service                    = "${local.cluster_type_output_logging_service[local.cluster_type]}"
+  cluster_monitoring_service                 = "${local.cluster_type_output_monitoring_service[local.cluster_type]}"
+  cluster_node_pools_names                   = "${local.cluster_type_output_node_pools_names[local.cluster_type]}"
+  cluster_node_pools_versions                = "${local.cluster_type_output_node_pools_versions[local.cluster_type]}"
   cluster_network_policy_enabled             = "${local.cluster_type_output_network_policy_enabled[local.cluster_type] ? false : true}"
   cluster_http_load_balancing_enabled        = "${local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] ? false : true}"
   cluster_horizontal_pod_autoscaling_enabled = "${local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] ? false : true}"
 
@@ -124,6 +124,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | basic\_auth\_password | The password to be used with Basic Authentication. | string | `""` | no |
 | basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no |
 | cloudrun | (Beta) Enable CloudRun addon | string | `"false"` | no |
+| cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | string | `""` | no |
 | database\_encryption | Application-layer Secrets Encryption settings. Example:   database_encryption = [{     state = "ENCRYPTED",     key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"   }] | list | `<list>` | no |
 | deploy\_using\_private\_endpoint | (Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | string | `"false"` | no |
 | description | The description of the cluster | string | `""` | no |
@@ -252,6 +253,11 @@ To more cleanly handle cases where desired functionality would require complex d
 
 The root module is generated by running `make generate`. Changes to this repository should be made in the [`autogen`](/autogen) directory where appropriate.
 
+Note: The correct sequence to update the repo using autogen
+functionality is the run `make generate && make generate_docs`.  This
+will create the various Terraform files, and then generate the
+Terraform documentation using `terraform-docs`.
+
 ## Testing
 
 ### Requirements
 
@@ -26,10 +26,10 @@ resource "google_container_cluster" "primary" {
   description = "${var.description}"
   project     = "${var.project_id}"
 
-  region         = "${var.region}"
-  node_locations = ["${coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result))}"]
-
-  network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
+  region            = "${var.region}"
+  node_locations    = ["${coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result))}"]
+  cluster_ipv4_cidr = "${var.cluster_ipv4_cidr}"
+  network           = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
 
   network_policy {
     enabled  = "${var.network_policy}"
@@ -71,6 +71,7 @@ resource "google_container_cluster" "primary" {
     network_policy_config {
       disabled = "${var.network_policy ? 0 : 1}"
     }
+
     istio_config {
       disabled = "${var.istio ? 0 : 1}"
     }
@@ -109,11 +110,13 @@ resource "google_container_cluster" "primary" {
       service_account = "${lookup(var.node_pools[0], "service_account", local.service_account)}"
     }
   }
+
   private_cluster_config {
     enable_private_endpoint = "${var.enable_private_endpoint}"
     enable_private_nodes    = "${var.enable_private_nodes}"
     master_ipv4_cidr_block  = "${var.master_ipv4_cidr_block}"
   }
+
   remove_default_node_pool = "${var.remove_default_node_pool}"
   database_encryption      = ["${var.database_encryption}"]
 }
 
@@ -26,10 +26,10 @@ resource "google_container_cluster" "zonal_primary" {
   description = "${var.description}"
   project     = "${var.project_id}"
 
-  zone           = "${var.zones[0]}"
-  node_locations = ["${slice(var.zones,1,length(var.zones))}"]
-
-  network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
+  zone              = "${var.zones[0]}"
+  node_locations    = ["${slice(var.zones,1,length(var.zones))}"]
+  cluster_ipv4_cidr = "${var.cluster_ipv4_cidr}"
+  network           = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
 
   network_policy {
     enabled  = "${var.network_policy}"
@@ -71,6 +71,7 @@ resource "google_container_cluster" "zonal_primary" {
     network_policy_config {
       disabled = "${var.network_policy ? 0 : 1}"
     }
+
     istio_config {
       disabled = "${var.istio ? 0 : 1}"
     }
@@ -109,11 +110,13 @@ resource "google_container_cluster" "zonal_primary" {
       service_account = "${lookup(var.node_pools[0], "service_account", local.service_account)}"
     }
   }
+
   private_cluster_config {
     enable_private_endpoint = "${var.enable_private_endpoint}"
     enable_private_nodes    = "${var.enable_private_nodes}"
     master_ipv4_cidr_block  = "${var.master_ipv4_cidr_block}"
   }
+
   remove_default_node_pool = "${var.remove_default_node_pool}"
   database_encryption      = ["${var.database_encryption}"]
 }
Original file line number	Diff line number	Diff line change
`@@ -26,10 +26,10 @@ resource "google_container_cluster" "primary" {`
`26`	`26`	`description = "${var.description}"`
`27`	`27`	`project = "${var.project_id}"`
`28`	`28`
`29`		`- region = "${var.region}"`
`30`		`- node_locations = ["${coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result))}"]`
`31`		`-`
`32`		`- network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"`
	`29`	`+ region = "${var.region}"`
	`30`	`+ node_locations = ["${coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result))}"]`
	`31`	`+ cluster_ipv4_cidr = "${var.cluster_ipv4_cidr}"`
	`32`	`+ network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"`
`33`	`33`
`34`	`34`	`network_policy {`
`35`	`35`	`enabled = "${var.network_policy}"`
`@@ -100,6 +100,7 @@ resource "google_container_cluster" "primary" {`
`100`	`100`	`service_account = "${lookup(var.node_pools[0], "service_account", local.service_account)}"`
`101`	`101`	`}`
`102`	`102`	`}`
	`103`	`+`
`103`	`104`	`remove_default_node_pool = "${var.remove_default_node_pool}"`
`104`	`105`	`}`
`105`	`106`