From f5d8652e2394410422ff9e76065f4a7d30ea3a4f Mon Sep 17 00:00:00 2001
From: Sarah Gibson
Date: Wed, 29 Jan 2025 12:10:45 +0000
Subject: [PATCH] Remove any GCP terraform config relating to the enable_private_cluster variable

---
 terraform/gcp/cluster.tf | 26 -----------------
 terraform/gcp/network.tf | 58 --------------------------------------
 terraform/gcp/storage.tf | 2 +-
 terraform/gcp/variables.tf | 16 ----------
 4 files changed, 1 insertion(+), 101 deletions(-)
 delete mode 100644 terraform/gcp/network.tf

diff --git a/terraform/gcp/cluster.tf b/terraform/gcp/cluster.tf
index 54746f82b3..fa2c6372ae 100644
--- a/terraform/gcp/cluster.tf
+++ b/terraform/gcp/cluster.tf
@@ -70,32 +70,6 @@ resource "google_container_cluster" "cluster" {
 prevent_destroy = true
 }
 
- // For private clusters, pass the name of the network and subnetwork created
- // by the VPC
- network = var.enable_private_cluster ? data.google_compute_network.default_network.name : null
- subnetwork = var.enable_private_cluster ? data.google_compute_subnetwork.default_subnetwork.name : null
-
- // Dynamically provision the private cluster config when deploying a
- // private cluster
- dynamic "private_cluster_config" {
- for_each = var.enable_private_cluster ? [1] : []
-
- content {
- // Decide if this CIDR block is sensible or not
- master_ipv4_cidr_block = "172.16.0.0/28"
- enable_private_nodes = true
- enable_private_endpoint = false
- }
- }
-
- // Dynamically provision the IP allocation policy when deploying a
- // private cluster. This allows for IP aliasing and makes the cluster
- // VPC-native
- dynamic "ip_allocation_policy" {
- for_each = var.enable_private_cluster ? [1] : []
- content {}
- }
-
 addons_config {
 network_policy_config {
 disabled = !var.enable_network_policy
diff --git a/terraform/gcp/network.tf b/terraform/gcp/network.tf
deleted file mode 100644
index 84e561cfd6..0000000000
--- a/terraform/gcp/network.tf
+++ /dev/null
@@ -1,58 +0,0 @@
-/**
-* Networking to support private clusters
-*
-* This config is only deployed when the enable_private_cluster variable is set
-* to true
-*/
-
-data "google_compute_network" "default_network" {
- name = "default"
- project = var.project_id
-}
-
-data "google_compute_subnetwork" "default_subnetwork" {
- name = "default"
- project = var.project_id
- region = var.region
-}
-
-resource "google_compute_firewall" "iap_ssh_ingress" {
- count = var.enable_private_cluster ? 1 : 0
-
- name = "allow-ssh"
- project = var.project_id
- network = data.google_compute_network.default_network.name
-
- allow {
- protocol = "tcp"
- ports = ["22"]
- }
-
- // This range contains all IP addresses that IAP uses for TCP forwarding.
- // https://cloud.google.com/iap/docs/using-tcp-forwarding
- source_ranges = ["35.235.240.0/20"]
-}
-
-resource "google_compute_router" "router" {
- count = var.enable_private_cluster ? 1 : 0
-
- name = "${var.prefix}-router"
- project = var.project_id
- region = var.region
- network = data.google_compute_network.default_network.id
-}
-
-resource "google_compute_router_nat" "nat" {
- count = var.enable_private_cluster ? 1 : 0
-
- name = "${var.prefix}-router-nat"
- project = var.project_id
- region = var.region
- router = google_compute_router.router[0].name
- nat_ip_allocate_option = "AUTO_ONLY"
- source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
-
- // Set these values explicitly so they don't "change outside terraform"
- nat_ips = []
- drain_nat_ips = []
-}
diff --git a/terraform/gcp/storage.tf b/terraform/gcp/storage.tf
index 1463d0aaca..fd425b3c09 100644
--- a/terraform/gcp/storage.tf
+++ b/terraform/gcp/storage.tf
@@ -19,7 +19,7 @@ resource "google_filestore_instance" "homedirs" {
 }
 
 networks {
- network = var.enable_private_cluster ? data.google_compute_network.default_network.name : "default"
+ network = "default"
 modes = ["MODE_IPV4"]
 }
 }
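Review bot: The Filestore network is now a bare literal `"default"` while cluster.tf (first hunk of this patch) stops setting `network` on the GKE cluster altogether, so the only thing keeping the home-directory Filestore and the nodes on the same VPC is the provider's implicit default, and nothing in storage.tf records that coupling. A one-line comment above the assignment, `// Must match the VPC the GKE nodes use; cluster.tf no longer sets network, so presumably both land on the project's "default" VPC`, or a shared `locals { network = "default" }` referenced from both files, would keep a future VPC change in cluster.tf from silently leaving the Filestore unreachable. The enclosing `google_filestore_instance` resource starts outside the hunk. Separately, with `enable_private_cluster` deleted from variables.tf, any per-cluster tfvars that still assign it will presumably surface as undeclared-variable warnings on the next plan; worth a grep before merging.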
diff --git a/terraform/gcp/variables.tf b/terraform/gcp/variables.tf
index ca01c3ef28..2508254f60 100644
--- a/terraform/gcp/variables.tf
+++ b/terraform/gcp/variables.tf
@@ -300,22 +300,6 @@ variable "user_buckets" {
 EOT
 }
 
-variable "enable_private_cluster" {
- type = bool
- default = false
- description = <<-EOT
- Deploy the kubernetes cluster into a private subnet
-
- By default, GKE gives each of your nodes a public IP & puts them in a public
- subnet. When this variable is set to `true`, the nodes will be in a private subnet
- and not have public IPs. A cloud NAT will provide outbound internet access from
- these nodes. The kubernetes API will still be exposed publicly, so we can access
- it from our laptops & CD.
-
- This is often required by institutional controls banning VMs from having public IPs.
- EOT
-}
-
 variable "filestores" {
 type = map(object({
 name_suffix : optional(string, null),