Skip to content
Jump to bottom

if in lab allow kubectl to communicate with cluster #49

Merged
merged 1 commit into from
Mar 26, 2026
Merged

if in lab allow kubectl to communicate with cluster #49

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
9 changes: 8 additions & 1 deletion main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,12 @@ locals {
subnets = [for k, v in data.aws_subnet.subnets : v.id if length(regexall("us-east-1e", v.availability_zone)) == 0]
vpc_cidr_block = data.aws_vpc.eks_vpc.cidr_block
vpc_id = data.aws_vpc.eks_vpc.id
endpoint_access = length(regexall("lab", var.cluster_name)) > 0 ? true : false
disallowed_public_endpoint_cidrs = toset([
"10.0.0.0/16",
"172.16.0.0/12",
"192.168.0.0/16"])
filtered_endpoint_public_access_cidrs = distinct([for cidr in var.census_private_cidr : cidr if ! contains(local.disallowed_public_endpoint_cidrs, lower(trimspace(cidr)))])
}

resource "terraform_data" "subnet_validation" {
Expand All @@ -24,7 +30,8 @@ module "cluster" {
access_entries = local.access_entries
cloudwatch_log_group_retention_in_days = var.cloudwatch_retention_days
endpoint_private_access = true
endpoint_public_access = false
endpoint_public_access = local.endpoint_access
endpoint_public_access_cidrs = local.endpoint_access ? local.filtered_endpoint_public_access_cidrs : null
name = var.cluster_name
upgrade_policy = { support_type = "STANDARD" }
kubernetes_version = var.cluster_version
Expand Down