From 958bca88007a5e1723de2e0faa3aee5c77b0f37b Mon Sep 17 00:00:00 2001
From: Mathieu Parent <math.parent@gmail.com>
Date: Tue, 1 Feb 2022 18:14:11 +0100
Subject: [PATCH] terraform/gcp: Do not create unused subnetworks and Upgrade
 to latest google provider (#8497)

* terraform/gcp: Do not create unused subnetworks

By default terraform creates a subnetwork in each of the 39 regions

* terraform/gcp: Upgrade to latest google provider

... where "one of source_tags, source_ranges, or source_service_accounts must be defined"
---
 contrib/terraform/gcp/main.tf                            | 2 +-
 contrib/terraform/gcp/modules/kubernetes-cluster/main.tf | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/contrib/terraform/gcp/main.tf b/contrib/terraform/gcp/main.tf
index ce221d0c1..43ede77d8 100644
--- a/contrib/terraform/gcp/main.tf
+++ b/contrib/terraform/gcp/main.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = "~> 3.48"
+      version = "~> 4.0"
     }
   }
 }
diff --git a/contrib/terraform/gcp/modules/kubernetes-cluster/main.tf b/contrib/terraform/gcp/modules/kubernetes-cluster/main.tf
index a9cbacbaa..937cc5641 100644
--- a/contrib/terraform/gcp/modules/kubernetes-cluster/main.tf
+++ b/contrib/terraform/gcp/modules/kubernetes-cluster/main.tf
@@ -5,6 +5,8 @@
 
 resource "google_compute_network" "main" {
   name = "${var.prefix}-network"
+
+  auto_create_subnetworks = false
 }
 
 resource "google_compute_subnetwork" "main" {
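Review bot: Setting `auto_create_subnetworks = false` on `google_compute_network.main` is not a no-op for clusters already deployed from this module. As far as I know the google provider treats this argument as immutable, so `terraform plan` would likely propose replacing the network and everything attached to it; confirm against a plan on an existing state. This deserves a line in the upgrade notes and a comment on the attribute, e.g. `# custom mode: only the subnetwork declared below is created; changing this on an existing network forces replacement`.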
@@ -20,6 +22,8 @@ resource "google_compute_firewall" "deny_all" {
 
   priority = 1000
 
+  source_ranges = ["0.0.0.0/0"]
+
   deny {
     protocol = "all"
   }
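Review bot: The new `source_ranges = ["0.0.0.0/0"]` in `deny_all` has no comment saying why it is there or how it interacts with the allow rules. Something like `# required by google provider >= 4.0; matches every IPv4 source. Allow rules with a lower priority number (100) take precedence over this deny (1000).` would record both facts. The range is IPv4-only, so this rule would not match IPv6 traffic if the subnetwork were ever made dual-stack. The resource body starts above the hunk, so its direction and targets are not visible here.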
@@ -86,6 +90,8 @@ resource "google_compute_firewall" "ingress_http" {
 
   priority = 100
 
+  source_ranges = ["0.0.0.0/0"]
+
   allow {
     protocol = "tcp"
     ports    = ["80"]
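Review bot: `ingress_http` here, and `ingress_https` in the next hunk, hard-code `0.0.0.0/0` as the source, so ports 80 and 443 are open to any IPv4 address and an operator can only narrow that by editing the module. Consider taking the ranges from a module input, e.g. `source_ranges = var.ingress_whitelist` (a proposed new variable, defaulting to `["0.0.0.0/0"]` to keep current behaviour), so private or allow-listed deployments are possible. Both resource bodies start above their hunks, so whether the rules are scoped by target tags is not visible; if they are not, the allow applies to every instance in the network.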
@@ -98,6 +104,8 @@ resource "google_compute_firewall" "ingress_https" {
 
   priority = 100
 
+  source_ranges = ["0.0.0.0/0"]
+
   allow {
     protocol = "tcp"
     ports    = ["443"]
-- 
GitLab