talexander/kubernetes_ip_demo
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Add explanation for Pod IP addresses.

Browse Source
This commit is contained in:
Tom Alexander
2025-03-15 16:25:25 -04:00
parent fbb8376ccc
commit f3c22c18e5
8 changed files with 159 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
terraform/cluster.tf
View File

@@ -78,6 +78,7 @@ module "cluster1" {
external_dns_k8s_service_account = local.external_dns_k8s_service_account
external_dns_gcp_service_account_email = google_service_account.external_dns.email
cluster_exists = var.cluster_exists
enable_snat = var.enable_snat
service_container = google_project_service.service["container"]
}
@@ -115,6 +116,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -137,6 +139,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -159,6 +162,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -181,6 +185,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -203,6 +208,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -225,6 +231,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -247,6 +254,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -269,6 +277,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -291,6 +300,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -313,6 +323,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -335,6 +346,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -357,6 +369,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -379,6 +392,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -401,6 +415,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -423,6 +438,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -445,6 +461,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -467,6 +484,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -489,6 +507,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -511,6 +530,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -533,6 +553,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -555,6 +576,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -577,6 +599,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -599,6 +622,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -621,6 +645,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -643,6 +668,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -665,6 +691,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -687,6 +714,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -709,6 +737,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -731,6 +760,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -753,6 +783,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -775,6 +806,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -797,6 +829,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -819,6 +852,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -841,6 +875,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -863,6 +898,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -885,6 +921,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -907,6 +944,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -929,6 +967,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -951,6 +990,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -973,6 +1013,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -995,6 +1036,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -1017,6 +1059,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -1039,6 +1082,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -1061,6 +1105,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -1083,6 +1128,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -1105,6 +1151,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -1127,6 +1174,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -1149,6 +1197,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -1171,6 +1220,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -1193,6 +1243,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -1215,6 +1266,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -1237,6 +1289,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -1259,6 +1312,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -1281,6 +1335,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -1303,6 +1358,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -1325,6 +1381,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -1347,6 +1404,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -1369,6 +1427,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -1391,6 +1450,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -1413,6 +1473,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -1435,6 +1496,7 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }
@@ -1457,5 +1519,6 @@ output "cluster_ip_address_utilization_url_cluster1" {
# external_dns_k8s_service_account = local.external_dns_k8s_service_account
# external_dns_gcp_service_account_email = google_service_account.external_dns.email
# cluster_exists = var.cluster_exists
# enable_snat = var.enable_snat
# service_container = google_project_service.service["container"]
# }

6
terraform/main.tf
View File

@@ -73,6 +73,12 @@ variable "ssh_key" {
default = null
}
variable "enable_snat" {
description = "Whether we should enable source network address translation to the node IP address."
type = bool
default = false
}
# manual step: enable cloudbilling.googleapis.com in the terraform provider project
# https://console.developers.google.com/apis/api/cloudbilling.googleapis.com/overview?project=terraform-management-427323
provider "google" {

7
terraform/modules/cluster/main.tf
View File

@@ -72,7 +72,12 @@ variable "cluster_exists" {
variable "routes_based" {
description = "Set to true to create a routes-based cluster instead of VPC Native. This is mostly for testing."
type = bool
default = true
default = false
}
variable "enable_snat" {
description = "Whether we should enable source network address translation to the node IP address."
type = bool
}
output "gke_connect_command" {

1
terraform/modules/cluster/workload.tf
View File

@@ -35,5 +35,6 @@ module "workload" {
dns_managed_zone = var.dns_managed_zone
public_ingress = var.public_ingress
ingress_type = var.ingress_type
enable_snat = var.enable_snat
main_k8s_namespace = var.main_k8s_namespace
}

14
terraform/modules/k8s_workload/ip_masq.tf Normal file
View File

@@ -0,0 +1,14 @@
resource "kubernetes_config_map" "ip_masq_agent" {
count = var.enable_snat ? 1 : 0
metadata {
name = "ip-masq-agent"
namespace = "kube-system"
}
data = {
config = "nonMasqueradeCIDRs:\n - 100.64.0.0/19\n - 240.10.0.0/17\nmasqLinkLocal: false\nresyncInterval: 60s\n"
}
depends_on = [var.node_pool]
}

5
terraform/modules/k8s_workload/main.tf
View File

@@ -29,6 +29,11 @@ variable "main_k8s_namespace" {
type = string
}
variable "enable_snat" {
description = "Whether we should enable source network address translation to the node IP address."
type = bool
}
# Provide time for Service cleanup
resource "time_sleep" "wait_service_cleanup" {
depends_on = [var.cluster]

15
terraform/user_machine.tf
View File

@@ -19,7 +19,7 @@ resource "google_compute_instance" "user_machine" {
name = "user-machine"
machine_type = "g1-small"
zone = var.zone
tags = ["allow-iap-ssh"]
tags = ["allow-iap-ssh", "allow-python-http"]
boot_disk {
initialize_params {
@@ -76,3 +76,16 @@ resource "google_dns_record_set" "user_machine" {
rrdatas = [google_compute_instance.user_machine.network_interface[0].network_ip]
}
resource "google_compute_firewall" "allow_python_http" {
project = google_project.project.project_id
name = "allow-python-http"
network = google_compute_network.default.id
direction = "INGRESS"
allow {
protocol = "tcp"
ports = ["8080"]
}
source_ranges = ["0.0.0.0/0"]
target_tags = ["allow-python-http"]
}