cloud-foundation-fabric/fast/stages/03-gke-multitenant/module/variables.tf

/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# we deal with one env here
# 1 project, m clusters
# cloud dns for gke?

variable "authenticator_security_group" {
  description = "Optional group used for Groups for GKE."
  type        = string
  default     = null
}

variable "billing_account" {
  # tfdoc:variable:source 00-bootstrap
  description = "Billing account id and organization id ('nnnnnnnn' or null)."
  type = object({
    id              = string
    organization_id = number
  })
}

variable "cluster_defaults" {
  description = "Default values for optional cluster configurations."
  type = object({
    cloudrun_config                 = bool
    database_encryption_key         = string
    enable_binary_authorization     = bool
    master_authorized_ranges        = map(string)
    max_pods_per_node               = number
    pod_security_policy             = bool
    release_channel                 = string
    vertical_pod_autoscaling        = bool
    gcp_filestore_csi_driver_config = bool
  })
  default = {
    # TODO: review defaults
    cloudrun_config             = false
    database_encryption_key     = null
    enable_binary_authorization = false
    master_authorized_ranges = {
      rfc1918_1 = "10.0.0.0/8"
      rfc1918_2 = "172.16.0.0/12"
      rfc1918_3 = "192.168.0.0/16"
    }
    max_pods_per_node               = 110
    pod_security_policy             = false
    release_channel                 = "STABLE"
    vertical_pod_autoscaling        = false
    gcp_filestore_csi_driver_config = false
  }
}

variable "clusters" {
  description = ""
  type = map(object({
    cluster_autoscaling = object({
      cpu_min    = number
      cpu_max    = number
      memory_min = number
      memory_max = number
    })
    description = string
    dns_domain  = string
    labels      = map(string)
    location    = string
    net = object({
      master_range = string
      pods         = string
      services     = string
      subnet       = string
    })
    overrides = object({
      cloudrun_config                 = bool
      database_encryption_key         = string
      enable_binary_authorization     = bool
      master_authorized_ranges        = map(string)
      max_pods_per_node               = number
      pod_security_policy             = bool
      release_channel                 = string
      vertical_pod_autoscaling        = bool
      gcp_filestore_csi_driver_config = bool
    })
  }))
}

variable "dns_domain" {
  description = "Domain name used for clusters, prefixed by each cluster name. Leave null to disable Cloud DNS for GKE."
  type        = string
  default     = null
}

variable "folder_ids" {
  # tfdoc:variable:source 01-resman
  description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
  type = object({
    gke-dev = string
  })
}

variable "host_project_ids" {
  # tfdoc:variable:source 02-networking
  description = "Host project for the shared VPC."
  type = object({
    dev-spoke-0 = string
  })
}

variable "group_iam" {
  description = "Project-level IAM bindings for groups. Use group emails as keys, list of roles as values."
  type        = map(list(string))
  default     = {}
  nullable    = false
}

variable "labels" {
  description = "Project-level labels."
  type        = map(string)
  default     = {}
}

variable "nodepool_defaults" {
  description = ""
  type = object({
    image_type        = string
    max_pods_per_node = number
    node_locations    = list(string)
    node_tags         = list(string)
    node_taints       = list(string)
  })
  default = {
    image_type        = "COS_CONTAINERD"
    max_pods_per_node = 110
    node_locations    = null
    node_tags         = null
    node_taints       = []
  }
}

variable "nodepools" {
  description = ""
  type = map(map(object({
    node_count         = number
    node_type          = string
    initial_node_count = number
    overrides = object({
      image_type        = string
      max_pods_per_node = number
      node_locations    = list(string)
      node_tags         = list(string)
      node_taints       = list(string)
    })
    preemptible = bool
  })))
}

variable "prefix" {
  description = "Prefix used for resources that need unique names."
  type        = string
}

variable "vpc_self_links" {
  # tfdoc:variable:source 02-networking
  description = "Self link for the shared VPC."
  type = object({
    dev-spoke-0 = string
  })
}
GKE multitenant Co-authored-by: Daniel Marzini <dmarzi@google.com> 2022-02-04 08:26:43 -08:00			`/**`
			`* Copyright 2022 Google LLC`
			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*/`

			`# we deal with one env here`
			`# 1 project, m clusters`
			`# cloud dns for gke?`

Squashing relevant changes from fast-dev-gke-marzi Co-authored-by: Daniel Marzini <dmarzi@google.com> 2022-04-03 13:32:52 -07:00			`variable "authenticator_security_group" {`
			`description = "Optional group used for Groups for GKE."`
			`type = string`
			`default = null`
			`}`
GKE multitenant Co-authored-by: Daniel Marzini <dmarzi@google.com> 2022-02-04 08:26:43 -08:00
Update gke stage to use contract setup 2022-02-16 02:55:49 -08:00			`variable "billing_account" {`
GKE multitenant Co-authored-by: Daniel Marzini <dmarzi@google.com> 2022-02-04 08:26:43 -08:00			`# tfdoc:variable:source 00-bootstrap`
Update gke stage to use contract setup 2022-02-16 02:55:49 -08:00			`description = "Billing account id and organization id ('nnnnnnnn' or null)."`
			`type = object({`
			`id = string`
			`organization_id = number`
			`})`
GKE multitenant Co-authored-by: Daniel Marzini <dmarzi@google.com> 2022-02-04 08:26:43 -08:00			`}`

			`variable "cluster_defaults" {`
			`description = "Default values for optional cluster configurations."`
			`type = object({`
Squashing relevant changes from fast-dev-gke-marzi Co-authored-by: Daniel Marzini <dmarzi@google.com> 2022-04-03 13:32:52 -07:00			`cloudrun_config = bool`
			`database_encryption_key = string`
			`enable_binary_authorization = bool`
			`master_authorized_ranges = map(string)`
			`max_pods_per_node = number`
			`pod_security_policy = bool`
			`release_channel = string`
			`vertical_pod_autoscaling = bool`
			`gcp_filestore_csi_driver_config = bool`
GKE multitenant Co-authored-by: Daniel Marzini <dmarzi@google.com> 2022-02-04 08:26:43 -08:00			`})`
			`default = {`
			`# TODO: review defaults`
			`cloudrun_config = false`
			`database_encryption_key = null`
			`enable_binary_authorization = false`
			`master_authorized_ranges = {`
			`rfc1918_1 = "10.0.0.0/8"`
			`rfc1918_2 = "172.16.0.0/12"`
			`rfc1918_3 = "192.168.0.0/16"`
			`}`
Squashing relevant changes from fast-dev-gke-marzi Co-authored-by: Daniel Marzini <dmarzi@google.com> 2022-04-03 13:32:52 -07:00			`max_pods_per_node = 110`
			`pod_security_policy = false`
			`release_channel = "STABLE"`
			`vertical_pod_autoscaling = false`
			`gcp_filestore_csi_driver_config = false`
GKE multitenant Co-authored-by: Daniel Marzini <dmarzi@google.com> 2022-02-04 08:26:43 -08:00			`}`
			`}`

			`variable "clusters" {`
			`description = ""`
			`type = map(object({`
			`cluster_autoscaling = object({`
			`cpu_min = number`
			`cpu_max = number`
			`memory_min = number`
			`memory_max = number`
			`})`
			`description = string`
			`dns_domain = string`
			`labels = map(string)`
			`location = string`
			`net = object({`
			`master_range = string`
			`pods = string`
			`services = string`
			`subnet = string`
			`})`
			`overrides = object({`
Squashing relevant changes from fast-dev-gke-marzi Co-authored-by: Daniel Marzini <dmarzi@google.com> 2022-04-03 13:32:52 -07:00			`cloudrun_config = bool`
			`database_encryption_key = string`
			`enable_binary_authorization = bool`
			`master_authorized_ranges = map(string)`
			`max_pods_per_node = number`
			`pod_security_policy = bool`
			`release_channel = string`
			`vertical_pod_autoscaling = bool`
			`gcp_filestore_csi_driver_config = bool`
GKE multitenant Co-authored-by: Daniel Marzini <dmarzi@google.com> 2022-02-04 08:26:43 -08:00			`})`
			`}))`
			`}`

			`variable "dns_domain" {`
wip 2022-06-30 11:20:14 -07:00			`description = "Domain name used for clusters, prefixed by each cluster name. Leave null to disable Cloud DNS for GKE."`
GKE multitenant Co-authored-by: Daniel Marzini <dmarzi@google.com> 2022-02-04 08:26:43 -08:00			`type = string`
			`default = null`
			`}`

Update gke stage to use contract setup 2022-02-16 02:55:49 -08:00			`variable "folder_ids" {`
GKE multitenant Co-authored-by: Daniel Marzini <dmarzi@google.com> 2022-02-04 08:26:43 -08:00			`# tfdoc:variable:source 01-resman`
Update gke stage to use contract setup 2022-02-16 02:55:49 -08:00			`description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."`
			`type = object({`
stage 01 2022-06-30 09:22:57 -07:00			`gke-dev = string`
Update gke stage to use contract setup 2022-02-16 02:55:49 -08:00			`})`
GKE multitenant Co-authored-by: Daniel Marzini <dmarzi@google.com> 2022-02-04 08:26:43 -08:00			`}`

Update gke stage to use contract setup 2022-02-16 02:55:49 -08:00			`variable "host_project_ids" {`
			`# tfdoc:variable:source 02-networking`
			`description = "Host project for the shared VPC."`
			`type = object({`
			`dev-spoke-0 = string`
			`})`
GKE multitenant Co-authored-by: Daniel Marzini <dmarzi@google.com> 2022-02-04 08:26:43 -08:00			`}`

wip 2022-06-30 11:20:14 -07:00			`variable "group_iam" {`
			`description = "Project-level IAM bindings for groups. Use group emails as keys, list of roles as values."`
			`type = map(list(string))`
			`default = {}`
			`nullable = false`
			`}`

GKE multitenant Co-authored-by: Daniel Marzini <dmarzi@google.com> 2022-02-04 08:26:43 -08:00			`variable "labels" {`
			`description = "Project-level labels."`
			`type = map(string)`
			`default = {}`
			`}`

			`variable "nodepool_defaults" {`
			`description = ""`
			`type = object({`
			`image_type = string`
			`max_pods_per_node = number`
			`node_locations = list(string)`
			`node_tags = list(string)`
			`node_taints = list(string)`
			`})`
			`default = {`
			`image_type = "COS_CONTAINERD"`
			`max_pods_per_node = 110`
			`node_locations = null`
			`node_tags = null`
			`node_taints = []`
			`}`
			`}`

			`variable "nodepools" {`
			`description = ""`
			`type = map(map(object({`
Use new project-level robot bindings 2022-02-09 09:10:35 -08:00			`node_count = number`
			`node_type = string`
clusters creation improvement (#509) * shared_vpc_self_link variable from stage2 * removing shared_vpc_self_link * do not initial_node_count as node_count 2022-02-06 09:58:51 -08:00			`initial_node_count = number`
GKE multitenant Co-authored-by: Daniel Marzini <dmarzi@google.com> 2022-02-04 08:26:43 -08:00			`overrides = object({`
			`image_type = string`
			`max_pods_per_node = number`
			`node_locations = list(string)`
			`node_tags = list(string)`
			`node_taints = list(string)`
			`})`
			`preemptible = bool`
			`})))`
			`}`

			`variable "prefix" {`
			`description = "Prefix used for resources that need unique names."`
			`type = string`
			`}`

Update gke stage to use contract setup 2022-02-16 02:55:49 -08:00			`variable "vpc_self_links" {`
Move GKE example to dev 2022-02-14 15:45:43 -08:00			`# tfdoc:variable:source 02-networking`
			`description = "Self link for the shared VPC."`
Update gke stage to use contract setup 2022-02-16 02:55:49 -08:00			`type = object({`
			`dev-spoke-0 = string`
			`})`
Use new project-level robot bindings 2022-02-09 09:10:35 -08:00			`}`