2022-07-29 06:09:57 -07:00
# GKE Multitenant Module
2022-08-08 04:54:06 -07:00
TODO: add brief explanation and refer back to dev folder?
2022-07-29 06:09:57 -07:00
2022-08-12 02:24:21 -07:00
< p align = "center" >
< img src = "diagram.png" alt = "GKE multitenant" >
< / p >
2022-08-10 06:59:56 -07:00
This is an example of that shows the use of the above variables:
```hcl
# the `cluster_defaults` variable defaults are used and not shown here
clusters = {
"gke-00" = {
cluster_autoscaling = null
description = "gke-00"
dns_domain = null
location = "europe-west1"
labels = {}
net = {
master_range = "172.17.16.0/28"
pods = "pods"
services = "services"
subnet = local.vpc.subnet_self_links["europe-west3/gke-dev-0"]
}
overrides = null
}
"gke-01" = {
cluster_autoscaling = null
description = "gke-01"
dns_domain = null
location = "europe-west3"
labels = {}
net = {
master_range = "172.17.17.0/28"
pods = "pods"
services = "services"
subnet = local.vpc.subnet_self_links["europe-west3/gke-dev-0"]
}
overrides = {
cloudrun_config = false
database_encryption_key = null
gcp_filestore_csi_driver_config = true
master_authorized_ranges = {
rfc1918_1 = "10.0.0.0/8"
}
max_pods_per_node = 64
pod_security_policy = true
release_channel = "STABLE"
vertical_pod_autoscaling = false
}
}
}
nodepools = {
"gke-0" = {
"gke-00-000" = {
initial_node_count = 1
node_count = 1
node_type = "n2-standard-4"
overrides = null
spot = false
}
}
"gke-1" = {
"gke-01-000" = {
initial_node_count = 1
node_count = 1
node_type = "n2-standard-4"
overrides = {
image_type = "UBUNTU_CONTAINERD"
max_pods_per_node = 64
node_locations = []
node_tags = []
node_taints = []
}
spot = true
}
}
}
```
```hcl
fleet_configmanagement_templates = {
default = {
binauthz = false
config_sync = {
git = {
gcp_service_account_email = null
https_proxy = null
policy_dir = "configsync"
secret_type = "none"
source_format = "hierarchy"
sync_branch = "main"
sync_repo = "https://github.com/.../..."
sync_rev = null
sync_wait_secs = null
}
prevent_drift = true
source_format = "hierarchy"
}
hierarchy_controller = null
policy_controller = null
version = "1.10.2"
}
}
fleet_configmanagement_clusters = {
default = ["gke-1", "gke-2"]
}
fleet_features = {
appdevexperience = false
configmanagement = false
identityservice = false
multiclusteringress = "gke-1"
multiclusterservicediscovery = true
servicemesh = false
}
```
2022-07-29 06:09:57 -07:00
<!-- TFDOC OPTS files:1 show_extra:1 -->
<!-- BEGIN TFDOC -->
## Files
| name | description | modules |
|---|---|---|
| [gke-clusters.tf ](./gke-clusters.tf ) | None | < code > gke-cluster</ code > |
| [gke-hub.tf ](./gke-hub.tf ) | None | < code > gke-hub</ code > |
| [gke-nodepools.tf ](./gke-nodepools.tf ) | None | < code > gke-nodepool</ code > |
| [main.tf ](./main.tf ) | Module-level locals and resources. | < code > bigquery-dataset</ code > · < code > project</ code > |
| [outputs.tf ](./outputs.tf ) | Output variables. | |
| [variables.tf ](./variables.tf ) | Module variables. | |
## Variables
| name | description | type | required | default | producer |
|---|---|:---:|:---:|:---:|:---:|
| [billing_account_id ](variables.tf#L27 ) | Billing account id. | < code > string</ code > | ✓ | | |
2022-08-02 10:12:52 -07:00
| [clusters ](variables.tf#L61 ) | | < code title = "map(object({ cluster_autoscaling = object({ cpu_min = number cpu_max = number memory_min = number memory_max = number }) description = string dns_domain = string labels = map(string) location = string net = object({ master_range = string pods = string services = string subnet = string }) overrides = object({ cloudrun_config = bool database_encryption_key = string master_authorized_ranges = map(string) max_pods_per_node = number pod_security_policy = bool release_channel = string vertical_pod_autoscaling = bool gcp_filestore_csi_driver_config = bool }) }))" > map( object({…})) </ code > | ✓ | | |
| [folder_id ](variables.tf#L163 ) | Folder used for the GKE project in folders/nnnnnnnnnnn format. | < code > string</ code > | ✓ | | |
2022-08-06 02:00:46 -07:00
| [nodepools ](variables.tf#L206 ) | | < code title = "map(map(object({ node_count = number node_type = string initial_node_count = number overrides = object({ image_type = string max_pods_per_node = number node_locations = list(string) node_tags = list(string) node_taints = list(string) }) spot = bool })))" > map( map( object({…}))) </ code > | ✓ | | |
2022-08-30 11:39:47 -07:00
| [prefix ](variables.tf#L236 ) | Prefix used for resources that need unique names. | < code > string</ code > | ✓ | | |
| [project_id ](variables.tf#L241 ) | ID of the project that will contain all the clusters. | < code > string</ code > | ✓ | | |
| [vpc_config ](variables.tf#L253 ) | Shared VPC project and VPC details. | < code title = "object({ host_project_id = string vpc_self_link = string })" > object({…}) </ code > | ✓ | | |
2022-07-29 06:09:57 -07:00
| [authenticator_security_group ](variables.tf#L21 ) | Optional group used for Groups for GKE. | < code > string</ code > | | < code > null</ code > | |
2022-08-02 10:12:52 -07:00
| [cluster_defaults ](variables.tf#L32 ) | Default values for optional cluster configurations. | < code title = "object({ cloudrun_config = bool database_encryption_key = string master_authorized_ranges = map(string) max_pods_per_node = number pod_security_policy = bool release_channel = string vertical_pod_autoscaling = bool gcp_filestore_csi_driver_config = bool })" > object({…}) </ code > | | < code title = "{ cloudrun_config = false database_encryption_key = null master_authorized_ranges = { rfc1918_1 = "10.0.0.0/8" rfc1918_2 = "172.16.0.0/12" rfc1918_3 = "192.168.0.0/16" } max_pods_per_node = 110 pod_security_policy = false release_channel = "STABLE" vertical_pod_autoscaling = false gcp_filestore_csi_driver_config = false }" > {…} </ code > | |
| [dns_domain ](variables.tf#L94 ) | Domain name used for clusters, prefixed by each cluster name. Leave null to disable Cloud DNS for GKE. | < code > string</ code > | | < code > null</ code > | |
| [fleet_configmanagement_clusters ](variables.tf#L100 ) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | < code > map( list( string)) </ code > | | < code > {} </ code > | |
| [fleet_configmanagement_templates ](variables.tf#L108 ) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | < code title = "map(object({ binauthz = bool config_sync = object({ git = object({ gcp_service_account_email = string https_proxy = string policy_dir = string secret_type = string sync_branch = string sync_repo = string sync_rev = string sync_wait_secs = number }) prevent_drift = string source_format = string }) hierarchy_controller = object({ enable_hierarchical_resource_quota = bool enable_pod_tree_labels = bool }) policy_controller = object({ audit_interval_seconds = number exemptable_namespaces = list(string) log_denies_enabled = bool referential_rules_enabled = bool template_library_installed = bool }) version = string }))" > map( object({…})) </ code > | | < code > {} </ code > | |
| [fleet_features ](variables.tf#L143 ) | Enable and configue fleet features. Set to null to disable GKE Hub if fleet workload identity is not used. | < code title = "object({ appdevexperience = bool configmanagement = bool identityservice = bool multiclusteringress = string multiclusterservicediscovery = bool servicemesh = bool })" > object({…}) </ code > | | < code > null</ code > | |
| [fleet_workload_identity ](variables.tf#L156 ) | Use Fleet Workload Identity for clusters. Enables GKE Hub if set to true. | < code > bool</ code > | | < code > true</ code > | |
| [group_iam ](variables.tf#L168 ) | Project-level IAM bindings for groups. Use group emails as keys, list of roles as values. | < code > map( list( string)) </ code > | | < code > {} </ code > | |
| [iam ](variables.tf#L175 ) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | < code > map( list( string)) </ code > | | < code > {} </ code > | |
| [labels ](variables.tf#L182 ) | Project-level labels. | < code > map( string) </ code > | | < code > {} </ code > | |
| [nodepool_defaults ](variables.tf#L188 ) | | < code title = "object({ image_type = string max_pods_per_node = number node_locations = list(string) node_tags = list(string) node_taints = list(string) })" > object({…}) </ code > | | < code title = "{ image_type = "COS_CONTAINERD" max_pods_per_node = 110 node_locations = null node_tags = null node_taints = [] }" > {…} </ code > | |
2022-08-30 11:39:47 -07:00
| [peering_config ](variables.tf#L223 ) | Configure peering with the control plane VPC. Requires compute.networks.updatePeering. Set to null if you don't want to update the default peering configuration. | < code title = "object({ export_routes = bool import_routes = bool })" > object({…}) </ code > | | < code title = "{ export_routes = true // TODO(jccb) is there any situation where the control plane VPC would export any routes? import_routes = false }" > {…} </ code > | |
| [project_services ](variables.tf#L246 ) | Additional project services to enable. | < code > list( string) </ code > | | < code > [] </ code > | |
2022-07-29 06:09:57 -07:00
## Outputs
| name | description | sensitive | consumers |
|---|---|:---:|---|
| [cluster_ids ](outputs.tf#L22 ) | Cluster ids. | | |
| [clusters ](outputs.tf#L17 ) | Cluster resources. | | |
| [project_id ](outputs.tf#L29 ) | GKE project id. | | |
<!-- END TFDOC -->
