TL;DR

My goal is to use only the DNS endpoint on my GKE clusters:

This is not possible at the moment because I need to set:

  enable_private_endpoint       = true
  deploy_using_private_endpoint = true

for the DNS endpoint to be enabled. However, enable_private_endpoint will create an empty master_authorized_networks_config {} block in this line, and applying this will re-enable access via IPv4.

I created a PR to fix this, but I'm not 100% sure if it breaks anything unrelated to DNS endpoints.

Another thing I observed while experimenting with this setting is that removing master_authorized_networks_config {} won't actually change my cluster to disable IPv4 access. The code seems to work for both cases: with master_authorized_networks_config {} and IPv4 enabled, and omitted with IPv4 disabled. Maybe this is just a limitation in the API, where changing master_authorized_networks_config {} to (empty) does not trigger an update. 🤔

Expected behavior

No response

Observed behavior

No response

Terraform Configuration

n.a.

Terraform Version

tofu version                                                                                          app-publisher-dev-7ed19f10be
OpenTofu v1.8.7
on darwin_arm64
+ provider registry.terraform.io/hashicorp/google v4.84.0
+ provider registry.terraform.io/hashicorp/kubernetes v2.23.0
+ provider registry.terraform.io/hashicorp/random v3.5.1

Additional information

No response