Enable Private Nodes by default in GKE Node Pool

kadupoornima · kadupoornima · commit 6c7e817483b8 · 2025-11-04T07:08:04.000Z
diff --git a/examples/gke-h4d/gke-h4d.yaml b/examples/gke-h4d/gke-h4d.yaml
@@ -161,6 +161,7 @@ deployment_groups:
       zones: [$(vars.zone)]
       disk_size_gb: $(vars.h4d_node_pool_disk_size_gb)
       static_node_count: $(vars.static_node_count)
+      enable_private_nodes: false
       reservation_affinity:
         consume_reservation_type: SPECIFIC_RESERVATION
         specific_reservations:
diff --git a/modules/compute/gke-node-pool/README.md b/modules/compute/gke-node-pool/README.md
@@ -328,7 +328,7 @@ limitations under the License.
 | <a name="input_enable_flex_start"></a> [enable\_flex\_start](#input\_enable\_flex\_start) | If true, start the node pool with Flex Start provisioning model.<br/>To learn more about flex-start mode, please refer to<br/>https://cloud.google.com/kubernetes-engine/docs/how-to/dws-flex-start-training and<br/>https://cloud.google.com/kubernetes-engine/docs/how-to/provisioningrequest | `bool` | `false` | no |
 | <a name="input_enable_gcfs"></a> [enable\_gcfs](#input\_enable\_gcfs) | Enable the Google Container Filesystem (GCFS). See [restrictions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#gcfs_config). | `bool` | `false` | no |
 | <a name="input_enable_numa_aware_scheduling"></a> [enable\_numa\_aware\_scheduling](#input\_enable\_numa\_aware\_scheduling) | Enable [NUMA-aware](https://cloud.google.com/kubernetes-engine/distributed-cloud/bare-metal/docs/vm-runtime/numa) scheduling. | `bool` | `false` | no |
-| <a name="input_enable_private_nodes"></a> [enable\_private\_nodes](#input\_enable\_private\_nodes) | Whether nodes have internal IP addresses only. | `bool` | `false` | no |
+| <a name="input_enable_private_nodes"></a> [enable\_private\_nodes](#input\_enable\_private\_nodes) | Whether nodes have internal IP addresses only. | `bool` | `true` | no |
 | <a name="input_enable_queued_provisioning"></a> [enable\_queued\_provisioning](#input\_enable\_queued\_provisioning) | If true, enables Dynamic Workload Scheduler and adds the cloud.google.com/gke-queued taint to the node pool. | `bool` | `false` | no |
 | <a name="input_enable_secure_boot"></a> [enable\_secure\_boot](#input\_enable\_secure\_boot) | Enable secure boot for the nodes.  Keep enabled unless custom kernel modules need to be loaded. See [here](https://cloud.google.com/compute/shielded-vm/docs/shielded-vm#secure-boot) for more info. | `bool` | `true` | no |
 | <a name="input_gke_version"></a> [gke\_version](#input\_gke\_version) | GKE version | `string` | n/a | yes |
diff --git a/modules/compute/gke-node-pool/variables.tf b/modules/compute/gke-node-pool/variables.tf
@@ -465,7 +465,7 @@ variable "max_run_duration" {
 variable "enable_private_nodes" {
   description = "Whether nodes have internal IP addresses only."
   type        = bool
-  default     = false
+  default     = true
 }
 
 variable "num_node_pools" {

Original file line number	Diff line number	Diff line change
`@@ -465,7 +465,7 @@ variable "max_run_duration" {`
`465`	`465`	`variable "enable_private_nodes" {`
`466`	`466`	`description = "Whether nodes have internal IP addresses only."`
`467`	`467`	`type = bool`
`468`		`- default = false`
	`468`	`+ default = true`
`469`	`469`	`}`
`470`	`470`
`471`	`471`	`variable "num_node_pools" {`