From 958bca88007a5e1723de2e0faa3aee5c77b0f37b Mon Sep 17 00:00:00 2001
From: Mathieu Parent
Date: Tue, 1 Feb 2022 18:14:11 +0100
Subject: [PATCH] terraform/gcp: Do not create unused subnetworks and Upgrade to latest google provider (#8497)

* terraform/gcp: Do not create unused subnetworks By default terraform creates a subnetwork in each 39 regions
* terraform/gcp: Upgrade to latest google provider ... where "one of source_tags, source_ranges, or source_service_accounts must be defined"
---
 contrib/terraform/gcp/main.tf | 2 +-
 contrib/terraform/gcp/modules/kubernetes-cluster/main.tf | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/contrib/terraform/gcp/main.tf b/contrib/terraform/gcp/main.tf
index ce221d0c1..43ede77d8 100644
--- a/contrib/terraform/gcp/main.tf
+++ b/contrib/terraform/gcp/main.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = "~> 3.48"
+ version = "~> 4.0"
 }
 }
 }
diff --git a/contrib/terraform/gcp/modules/kubernetes-cluster/main.tf b/contrib/terraform/gcp/modules/kubernetes-cluster/main.tf
index a9cbacbaa..937cc5641 100644
--- a/contrib/terraform/gcp/modules/kubernetes-cluster/main.tf
+++ b/contrib/terraform/gcp/modules/kubernetes-cluster/main.tf
@@ -5,6 +5,8 @@

 resource "google_compute_network" "main" {
 name = "${var.prefix}-network"
+
+ auto_create_subnetworks = false
 }

 resource "google_compute_subnetwork" "main" {
@@ -20,6 +22,8 @@ resource "google_compute_firewall" "deny_all" {

 priority = 1000

+ source_ranges = ["0.0.0.0/0"]
+
 deny {
 protocol = "all"
 }
@@ -86,6 +90,8 @@ resource "google_compute_firewall" "ingress_http" {

 priority = 100

+ source_ranges = ["0.0.0.0/0"]
+
 allow {
 protocol = "tcp"
 ports = ["80"]
@@ -98,6 +104,8 @@ resource "google_compute_firewall" "ingress_https" {

 priority = 100

+ source_ranges = ["0.0.0.0/0"]
+
 allow {
 protocol = "tcp"
 ports = ["443"]
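Review bot: The new `auto_create_subnetworks = false` on `google_compute_network.main` has no comment, and its effect on networks that were already created in auto mode is not stated anywhere in the change. It is worth confirming with `terraform plan` on an existing deployment whether the provider updates the network in place or plans to replace it, and recording the result in the upgrade notes. Above the attribute I would add `# Custom-mode network: only the subnetwork declared in this module is created.` so the reason is not lost.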
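Review bot: The `source_ranges = ["0.0.0.0/0"]` added to `ingress_http` is a hard-coded any-IPv4 source, and the same literal is added to `ingress_https` in the following hunk, so a module user has no way to narrow who can reach ports 80 and 443. Since the provider upgrade forces the source to be written out, I would take it from a module input instead, e.g. `source_ranges = var.<ingress_source_ranges>` (placeholder name), and keep the open range only as an explicit, documented default. Which instances the rules apply to is set outside these hunks, so whether they are scoped by target tags cannot be confirmed from here. Both resource bodies start and end outside their hunks.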