From 4e279e6bbde95e35e781f7d3feb403daef2d10c1 Mon Sep 17 00:00:00 2001 From: Craig Edmunds Date: Thu, 2 Jan 2020 17:11:21 +0100 Subject: [PATCH] Removes the kubernetes_dashboard element from google_container_cluster #71 --- modules/gke-cluster/main.tf | 8 -------- modules/gke-cluster/variables.tf | 6 ------ 2 files changed, 14 deletions(-) diff --git a/modules/gke-cluster/main.tf b/modules/gke-cluster/main.tf index 08bfaec..7f68546 100644 --- a/modules/gke-cluster/main.tf +++ b/modules/gke-cluster/main.tf @@ -81,10 +81,6 @@ resource "google_container_cluster" "cluster" { disabled = ! var.horizontal_pod_autoscaling } - kubernetes_dashboard { - disabled = ! var.enable_kubernetes_dashboard - } - network_policy_config { disabled = ! var.enable_network_policy } @@ -100,10 +96,6 @@ resource "google_container_cluster" "cluster" { master_auth { username = var.basic_auth_username password = var.basic_auth_password - - client_certificate_config { - issue_client_certificate = var.enable_kubernetes_dashboard - } } dynamic "master_authorized_networks_config" { diff --git a/modules/gke-cluster/variables.tf b/modules/gke-cluster/variables.tf index cc16a63..167ebec 100644 --- a/modules/gke-cluster/variables.tf +++ b/modules/gke-cluster/variables.tf @@ -155,12 +155,6 @@ variable "alternative_default_service_account" { # These values shouldn't be changed; they're following the best practices defined at https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster # --------------------------------------------------------------------------------------------------------------------- -variable "enable_kubernetes_dashboard" { - description = "Whether to enable the Kubernetes Web UI (Dashboard). The Web UI requires a highly privileged security account." - type = bool - default = false -} - variable "enable_legacy_abac" { description = "Whether to enable legacy Attribute-Based Access Control (ABAC). RBAC has significant security advantages over ABAC." type = bool