kube

Author: lucacome

tests/tofu/config.tf

@@ -11,7 +11,7 @@ locals {
         name = google_container_cluster.primary.name
         context = {
           cluster = google_container_cluster.primary.name
-          user    = var.gke_nodes_service_account
+          user    = google_container_cluster.primary.name
         }
       }
     ]
@@ -26,7 +26,7 @@ locals {
     ]
     users = [
       {
-        name = var.gke_nodes_service_account
+        name = google_container_cluster.primary.name
         user = {
           exec = {
             apiVersion         = "client.authentication.k8s.io/v1beta1"

tests/tofu/main.tf

@@ -48,10 +48,10 @@ resource "google_container_cluster" "primary" {
       display_name = "local-ip"
     }
 
-    cidr_blocks {
-      cidr_block   = google_compute_subnetwork.subnet.ip_cidr_range
-      display_name = "vpc"
-    }
+    # cidr_blocks {
+    #   cidr_block   = google_compute_subnetwork.subnet.ip_cidr_range
+    #   display_name = "vpc"
+    # }
   }
 
   private_cluster_config {

tests/tofu/network.tf

@@ -27,8 +27,8 @@ resource "google_compute_router_nat" "nat" {
   }
 }
 
-resource "google_compute_firewall" "firewall" {
-  name    = "${var.gke_cluster_name}-firewall"
+resource "google_compute_firewall" "ssh" {
+  name    = "${var.gke_cluster_name}-ssh"
   network = google_compute_network.vpc.self_link
   allow {
     protocol = "tcp"
@@ -37,18 +37,6 @@ resource "google_compute_firewall" "firewall" {
   source_ranges = ["${chomp(data.http.myip.response_body)}/32"]
 }
 
-resource "google_compute_firewall" "deny_exkubelet" {
-  name      = "${var.gke_cluster_name}-deny-exkubelet"
-  network   = google_compute_network.vpc.self_link
-  direction = "INGRESS"
-  deny {
-    protocol = "tcp"
-    ports    = ["10255"]
-  }
-  source_ranges = ["0.0.0.0/0"]
-
-}
-
 resource "google_compute_address" "vpc-ip" {
   name         = "${var.gke_cluster_name}-vpc-ip"
   address_type = "EXTERNAL"