Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Disable the insecure read-only port on new Autopilot clusters #19153

Closed
zaphod72 opened this issue Aug 15, 2024 · 4 comments · Fixed by GoogleCloudPlatform/magic-modules#11573, hashicorp/terraform-provider-google-beta#8076 or #19320
Closed

Disable the insecure read-only port on new Autopilot clusters #19153

zaphod72 opened this issue Aug 15, 2024 · 4 comments · Fixed by GoogleCloudPlatform/magic-modules#11573, hashicorp/terraform-provider-google-beta#8076 or #19320
Labels
enhancement forward/linked service/container size/m
Milestone
Near-Term Goals

Comments

@zaphod72
Copy link

zaphod72 commented Aug 15, 2024
edited by modular-magician
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to a user, that user is claiming responsibility for the issue.
  • Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Description

When creating a new GKE Autopilot cluster I want to disable the insecure read-only port as per https://cloud.google.com/kubernetes-engine/docs/how-to/disable-kubelet-readonly-port#disable-autopilot

The gcloud container clusters create-auto flag is --no-autoprovisioning-enable-insecure-kubelet-readonly-port
This setting does not appear to be available in the google_container_cluster Terraform resource.

New or Affected Resource(s)

google_container_cluster

Potential Terraform Configuration

No response

References

No response

b/362329176
@github-actions github-actions bot added forward/review In review; remove label to forward service/container labels Aug 15, 2024
@melinath melinath added this to the Near-Term Goals milestone Aug 26, 2024
@melinath
Copy link
Collaborator

Possibly a duplicate of #15208 & may be resolved by GoogleCloudPlatform/magic-modules#11272

@wyardley
Copy link

wyardley commented Aug 26, 2024
edited
Loading

@melinath I had created #19236 to cover this (looks like you found it) -- see comments here and here, but assuming node_pool_auto_config.node_kublet_config is what's needed there, GoogleCloudPlatform/magic-modules#11272 won't cover it as currently stands.

However, it will be a bit of extra work, because it doesn't look like node_kublet_config is currently supported at all for node_pool_auto_config.

@melinath melinath removed the forward/review In review; remove label to forward label Aug 26, 2024
wyardley added a commit to wyardley/magic-modules that referenced this issue Aug 29, 2024
@wyardley
container: Add node_kublet_config support for autopilot clusters
36cbd68 
Add support for `node_kubelet_config in `node_pool_auto_config`.

See:
hashicorp/terraform-provider-google#15208 (comment)

Per:
https://pkg.go.dev/google.golang.org/api/container/v1#NodePoolAutoConfig
Currently only `insecure_kubelet_readonly_port_enabled` can be set here.

Fixes hashicorp/terraform-provider-google#19236
Fixes hashicorp/terraform-provider-google#19153
wyardley added a commit to wyardley/magic-modules that referenced this issue Aug 29, 2024
@wyardley
container: Add node_kublet_config support for autopilot clusters
a63b620 
Add support for `node_kubelet_config in `node_pool_auto_config`.

See:
hashicorp/terraform-provider-google#15208 (comment)

Per:
https://pkg.go.dev/google.golang.org/api/container/v1#NodePoolAutoConfig
Currently only `insecure_kubelet_readonly_port_enabled` can be set here.

Fixes hashicorp/terraform-provider-google#19236
Fixes hashicorp/terraform-provider-google#19153
@wyardley wyardley mentioned this issue Aug 29, 2024
Merged
wyardley added a commit to wyardley/magic-modules that referenced this issue Aug 29, 2024
@wyardley
container: Add node_kublet_config support for autopilot clusters
9d04dc2 
Add support for `node_kubelet_config` in `node_pool_auto_config`.

See:
hashicorp/terraform-provider-google#15208 (comment)

Per:
https://pkg.go.dev/google.golang.org/api/container/v1#NodePoolAutoConfig
Currently only `insecure_kubelet_readonly_port_enabled` can be set here.

Fixes hashicorp/terraform-provider-google#19236
Fixes hashicorp/terraform-provider-google#19153
wyardley added a commit to wyardley/magic-modules that referenced this issue Aug 29, 2024
@wyardley
container: Add node_kublet_config support for autopilot clusters
d943789 
Add support for `node_kubelet_config` in `node_pool_auto_config`.

See:
hashicorp/terraform-provider-google#15208 (comment)

Per:
https://pkg.go.dev/google.golang.org/api/container/v1#NodePoolAutoConfig
Currently only `insecure_kubelet_readonly_port_enabled` can be set here.

Fixes hashicorp/terraform-provider-google#19236
Fixes hashicorp/terraform-provider-google#19153
wyardley added a commit to wyardley/magic-modules that referenced this issue Aug 29, 2024
@wyardley
container: Add node_kublet_config support for autopilot clusters
616cb89 
Add support for `node_kubelet_config` in `node_pool_auto_config`.

See:
hashicorp/terraform-provider-google#15208 (comment)

Per:
https://pkg.go.dev/google.golang.org/api/container/v1#NodePoolAutoConfig
Currently only `insecure_kubelet_readonly_port_enabled` can be set here.

Fixes hashicorp/terraform-provider-google#19236
Fixes hashicorp/terraform-provider-google#19153
@melinath
Copy link
Collaborator

Closing as a duplicate of #19236 - please let me know if that seems incorrect!

@melinath melinath closed this as not planned Won't fix, can't repro, duplicate, stale Aug 29, 2024
This was referenced Aug 29, 2024
Merged
Merged
@github-actions GitHub Actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 29, 2024
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Assignees
No one assigned
Labels
enhancement forward/linked service/container size/m
Projects
None yet
Milestone
Near-Term Goals
4 participants
@melinath @wyardley @zaphod72 @modular-magician