From 90095a792fe6cfb869c1af5565d126ea2902b476 Mon Sep 17 00:00:00 2001
From: Sam Kottler
Date: Tue, 11 Jun 2024 15:28:13 -0400
Subject: [PATCH] feat(beta-autopilot-private-cluster): support CiliumClusterwideNetworkPolicy

---
 modules/beta-autopilot-private-cluster/cluster.tf | 2 ++
 modules/beta-autopilot-private-cluster/variables.tf | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf
index 397c7755b9..a2833c9eee 100644
--- a/modules/beta-autopilot-private-cluster/cluster.tf
+++ b/modules/beta-autopilot-private-cluster/cluster.tf
@@ -85,6 +85,8 @@ resource "google_container_cluster" "primary" {
 enabled = var.enable_vertical_pod_autoscaling
 }
 enable_fqdn_network_policy = var.enable_fqdn_network_policy
+ enable_cilium_clusterwide_network_policy = var.enable_cilium_clusterwide_network_policy
+
 enable_autopilot = true
 dynamic "master_authorized_networks_config" {
 for_each = local.master_authorized_networks_config
diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf
index 9e5c223a81..99b632fd75 100644
--- a/modules/beta-autopilot-private-cluster/variables.tf
+++ b/modules/beta-autopilot-private-cluster/variables.tf
@@ -399,6 +399,12 @@ variable "enable_fqdn_network_policy" {
 default = null
 }

+variable "enable_cilium_clusterwide_network_policy" {
+ type = bool
+ description = "Enable Cilium cluster-wide network policy."
+ default = false
+}
+
 variable "security_posture_mode" {
 description = "Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`."
 type = string
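Review bot: The new `enable_cilium_clusterwide_network_policy` argument in the `google_container_cluster.primary` block needs a provider release that knows the field, yet the diffstat lists only cluster.tf and variables.tf, so the module's provider version constraint is unchanged by this patch. On an older provider, plan would presumably fail with an unsupported-argument error for every consumer, including those who leave the variable at its default. Confirm that the minimum provider version the module declares covers this argument, and raise it in the same change if it does not. The resource block starts and ends outside the hunk, so any other setting this feature depends on is not visible here.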
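Review bot: The description on `enable_cilium_clusterwide_network_policy` in variables.tf does not tell an operator that turning the flag on restricts no traffic by itself. As far as I know it only allows CiliumClusterwideNetworkPolicy objects to be created, and the cluster stays as open as before until such policies are applied. I would spell that out, e.g. `description = "Allow CiliumClusterwideNetworkPolicy resources on the cluster. Enabling this enforces nothing until policies are created."`. The `default = false` also differs from the neighbouring `enable_fqdn_network_policy`, whose visible context line is `default = null`. If the difference is deliberate, a one-line comment saying why would help; otherwise use `default = null` to match.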