Pod security policy and global whitelist option
sjmiller609 committed Jun 24, 2020
1 parent c417a6b commit 794973a
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion main.tf
Expand Up @@ -70,8 +70,13 @@ resource "google_container_cluster" "primary" {
cidr_blocks {
# display_name = google_compute_subnetwork.bastion.name
# either whitelist the caller's IP or only allow access from bastion
cidr_block = var.management_endpoint == "public" ? "${trimspace(data.http.local_ip.body)}/32" : google_compute_subnetwork.bastion[0].ip_cidr_range
cidr_block = var.management_endpoint == "public" ? var.kube_api_whitelist_cidr == "" ? "${trimspace(data.http.local_ip.body)}/32" : var.kube_api_whitelist_cidr : google_compute_subnetwork.bastion[0].ip_cidr_range
}

}

pod_security_policy_config {
enabled = var.pod_security_policy_enabled
}

pod_security_policy_config {
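Review bot: The added `cidr_block` line feeds `var.kube_api_whitelist_cidr` straight into the master authorized network without any check on its value, so a permissive string such as `0.0.0.0/0` or a malformed CIDR is applied to the control-plane endpoint with no error until the provider or GKE rejects it, if it does. The variable is declared outside this hunk; a `validation` block there that accepts the empty string or a well-formed, non-catch-all CIDR — e.g. `condition = var.kube_api_whitelist_cidr == "" || (can(cidrhost(var.kube_api_whitelist_cidr, 0)) && var.kube_api_whitelist_cidr != "0.0.0.0/0")` — would catch that at plan time, assuming the project's Terraform version supports variable validation. The nested ternary is also hard to read; hoisting the public-endpoint choice into a `locals` entry such as `kube_api_cidr = var.kube_api_whitelist_cidr != "" ? var.kube_api_whitelist_cidr : "${trimspace(data.http.local_ip.body)}/32"` would leave a single conditional on this line. Separately, if the trailing `pod_security_policy_config {` is pre-existing context rather than part of this addition, the block is now declared twice, which the provider rejects, and turning the feature on needs at least one PodSecurityPolicy plus matching RBAC in place or new pods will be refused. The enclosing `google_container_cluster` resource starts and ends outside the hunk.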
