From 4726ab25579565c6d4057457903fab8f80db80ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20Morej=C3=B3n?= <manuel@mmorejon.io>
Date: Fri, 24 Jan 2025 21:03:35 +0100
Subject: [PATCH] Fix: dns endpoint for external traffic (#2244)

Signed-off-by: Manuel Morejon <manuel@mmorejon.io>
---
 autogen/main/cluster.tf.tmpl                           | 2 +-
 examples/safer_cluster_iap_bastion/cluster.tf          | 2 +-
 modules/beta-autopilot-private-cluster/cluster.tf      | 2 +-
 modules/beta-private-cluster-update-variant/cluster.tf | 2 +-
 modules/beta-private-cluster/cluster.tf                | 2 +-
 modules/private-cluster-update-variant/cluster.tf      | 2 +-
 modules/private-cluster/cluster.tf                     | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
index ddcd91d503..f8ad224dce 100644
--- a/autogen/main/cluster.tf.tmpl
+++ b/autogen/main/cluster.tf.tmpl
@@ -645,7 +645,7 @@ resource "google_container_cluster" "primary" {
   }
 
   dynamic "control_plane_endpoints_config" {
-    for_each = var.enable_private_endpoint && var.deploy_using_private_endpoint ? [1] : [0]
+    for_each = var.enable_private_endpoint && var.deploy_using_private_endpoint ? [1] : []
     content {
       dns_endpoint_config {
         allow_external_traffic = var.deploy_using_private_endpoint
diff --git a/examples/safer_cluster_iap_bastion/cluster.tf b/examples/safer_cluster_iap_bastion/cluster.tf
index c7e5379af2..d42aeb2f80 100644
--- a/examples/safer_cluster_iap_bastion/cluster.tf
+++ b/examples/safer_cluster_iap_bastion/cluster.tf
@@ -25,7 +25,7 @@ module "gke" {
   subnetwork              = module.vpc.subnets_names[0]
   ip_range_pods           = module.vpc.subnets_secondary_ranges[0][0].range_name
   ip_range_services       = module.vpc.subnets_secondary_ranges[0][1].range_name
-  enable_private_endpoint = false
+  enable_private_endpoint = true
   deletion_protection     = false
   master_authorized_networks = [{
     cidr_block   = "${module.bastion.ip_address}/32"
diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf
index 0a515ccffc..9c353d0057 100644
--- a/modules/beta-autopilot-private-cluster/cluster.tf
+++ b/modules/beta-autopilot-private-cluster/cluster.tf
@@ -327,7 +327,7 @@ resource "google_container_cluster" "primary" {
   }
 
   dynamic "control_plane_endpoints_config" {
-    for_each = var.enable_private_endpoint && var.deploy_using_private_endpoint ? [1] : [0]
+    for_each = var.enable_private_endpoint && var.deploy_using_private_endpoint ? [1] : []
     content {
       dns_endpoint_config {
         allow_external_traffic = var.deploy_using_private_endpoint
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf
index 1dcf54f51d..b4cf643535 100644
--- a/modules/beta-private-cluster-update-variant/cluster.tf
+++ b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -554,7 +554,7 @@ resource "google_container_cluster" "primary" {
   }
 
   dynamic "control_plane_endpoints_config" {
-    for_each = var.enable_private_endpoint && var.deploy_using_private_endpoint ? [1] : [0]
+    for_each = var.enable_private_endpoint && var.deploy_using_private_endpoint ? [1] : []
     content {
       dns_endpoint_config {
         allow_external_traffic = var.deploy_using_private_endpoint
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf
index 9f7de347a1..5e91ec5b3c 100644
--- a/modules/beta-private-cluster/cluster.tf
+++ b/modules/beta-private-cluster/cluster.tf
@@ -554,7 +554,7 @@ resource "google_container_cluster" "primary" {
   }
 
   dynamic "control_plane_endpoints_config" {
-    for_each = var.enable_private_endpoint && var.deploy_using_private_endpoint ? [1] : [0]
+    for_each = var.enable_private_endpoint && var.deploy_using_private_endpoint ? [1] : []
     content {
       dns_endpoint_config {
         allow_external_traffic = var.deploy_using_private_endpoint
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf
index c0577e326a..643594bdcf 100644
--- a/modules/private-cluster-update-variant/cluster.tf
+++ b/modules/private-cluster-update-variant/cluster.tf
@@ -509,7 +509,7 @@ resource "google_container_cluster" "primary" {
   }
 
   dynamic "control_plane_endpoints_config" {
-    for_each = var.enable_private_endpoint && var.deploy_using_private_endpoint ? [1] : [0]
+    for_each = var.enable_private_endpoint && var.deploy_using_private_endpoint ? [1] : []
     content {
       dns_endpoint_config {
         allow_external_traffic = var.deploy_using_private_endpoint
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf
index 80cf76bed8..0dbf640fe5 100644
--- a/modules/private-cluster/cluster.tf
+++ b/modules/private-cluster/cluster.tf
@@ -509,7 +509,7 @@ resource "google_container_cluster" "primary" {
   }
 
   dynamic "control_plane_endpoints_config" {
-    for_each = var.enable_private_endpoint && var.deploy_using_private_endpoint ? [1] : [0]
+    for_each = var.enable_private_endpoint && var.deploy_using_private_endpoint ? [1] : []
     content {
       dns_endpoint_config {
         allow_external_traffic = var.deploy_using_private_endpoint