terraform-google-kubernetes-engine

configure_ip_masq config and non_masquerade_cidrs are invalid for Autopilot Clusters and should be replaced with EgressNATPolicy

Open fernandoiury opened this issue 1 year ago • 0 comments

TL;DR

Autopilot disables access to the kube-system namespace. Thus, the current approach to applying the ip-masq configmap does not work.

Expected behavior

I'd expect to see the EgressNATPolicy being configured as per: https://cloud.google.com/kubernetes-engine/docs/concepts/ip-masquerade-agent#expandable-2

Observed behavior

image

Terraform Configuration

configure_ip_masq = true

Terraform Version

any

Additional information

No response

fernandoiury, Mar 05 '24 16:03