Morgante Pell

Thanks, it just needs to be added here: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/blob/master/autogen/main/cluster.tf.tmpl#L333 Happy to review a PR.

Can you provide an example of the module configuration you're using?

Thank you, this makes sense to support. We should add an additional firewall rule [like the existing one](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/main.tf#L281-L300) which adds rules for any backends which have a different health check...

Can you share your module config and `terraform version`? Thanks!

You actually have to set the `sandbox_enabled` variable to `true` on the module itself, not for the individual node pool. Like [this example](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/blob/master/examples/simple_regional_beta/main.tf#L42). Can you change that and confirm it...

Can you provide the output of `terraform plan`? There shouldn't be a difference between private and public clusters when it comes to sandboxing.

Thanks, I think the issue is related to the embedded default node pool which we should probably remove entirely. We're going to have to do a bit more digging on...

Thanks for digging into it. It looks like we will indeed need to add a per-node-pool setting for sandboxing since we can't always rely on the default node pool.

Interesting, seems like a change in Terraform v1.1.0. We might have to use a data source in *both* cases or construct an object with an overlapping subset of the fields.

`initial_node_count` is only used for the default pool (that we delete anyways) and is therefore intentionally ignored. We should probably remove it from the module entirely, but that will require...