/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
# tfdoc:file:description Project and usage dataset.
# GKE project: created through the project module, with the fleet and Anthos
# APIs enabled and the project attached to a Shared VPC host project.
module "gke-project-0" {
  source = "../../../modules/project"

  # Project identity and placement.
  name            = var.project_id
  prefix          = var.prefix
  parent          = var.folder_id
  billing_account = var.billing_account_id
  labels          = var.labels

  # IAM: caller-supplied bindings plus the fleet service agent.
  # merge() is shallow and later arguments win, so a
  # "roles/gkehub.serviceAgent" key passed in var.iam is replaced by the
  # binding below rather than combined with it.
  # NOTE(review): whether these bindings are authoritative per role is decided
  # inside the project module - confirm before granting the same roles
  # outside this file.
  group_iam = var.group_iam
  iam = merge(
    var.iam,
    {
      "roles/gkehub.serviceAgent" = [
        "serviceAccount:${module.gke-project-0.service_accounts.robots.fleet}"
      ]
    }
  )

  # APIs enabled on the project: the fixed list below, followed by whatever
  # the caller adds through var.project_services.
  services = concat(
    [
      "anthos.googleapis.com",
      "anthosconfigmanagement.googleapis.com",
      "cloudresourcemanager.googleapis.com",
      "container.googleapis.com",
      "dns.googleapis.com",
      "gkeconnect.googleapis.com",
      "gkehub.googleapis.com",
      "iam.googleapis.com",
      "multiclusteringress.googleapis.com",
      "multiclusterservicediscovery.googleapis.com",
      "stackdriver.googleapis.com",
      "trafficdirector.googleapis.com"
    ],
    var.project_services
  )

  shared_vpc_service_config = {
    attach       = true
    host_project = var.vpc_config.host_project_id
    # Role => service identities that receive it. The multi-cluster services
    # entries are added only when local.fleet_mcs_enabled is true.
    # NOTE(review): presumably the module grants these roles on the host
    # project; a project-level roles/compute.networkUser would cover every
    # subnet in the host, so check whether subnet-level bindings are enough.
    service_identity_iam = merge(
      {
        "roles/compute.networkUser"            = ["cloudservices", "container-engine"]
        "roles/container.hostServiceAgentUser" = ["container-engine"]
      },
      local.fleet_mcs_enabled ? {
        "roles/multiclusterservicediscovery.serviceAgent" = ["gke-mcs"]
        "roles/compute.networkViewer"                     = ["gke-mcs-importer"]
      } : {}
    )
  }

  # Project-level org policies are not set by default; the commented example
  # below shows the expected shape if they are needed.
  # policy_boolean = {
  #   "constraints/compute.disableGuestAttributesAccess" = true
  # }
  # policy_list = {
  #   "constraints/compute.trustedImageProjects" = {
  #     inherit_from_parent = null
  #     suggested_value     = null
  #     status              = true
  #     values              = ["projects/fl01-prod-iac-core-0"]
  #   }
  # }
}
# BigQuery dataset for GKE resource usage data, created in the GKE project.
module "gke-dataset-resource-usage" {
  source = "../../../modules/bigquery-dataset"

  # Referencing the project module output makes the dataset wait for the
  # project to exist.
  project_id = module.gke-project-0.project_id

  friendly_name = "GKE resource usage."
  id            = "gke_resource_usage"

  # NOTE(review): no access, location or encryption arguments are passed, so
  # the bigquery-dataset module's defaults apply - confirm who can read the
  # dataset.
}