2023-09-14 15:25:57 -07:00
# GKE Standard cluster module
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
2023-09-14 15:25:57 -07:00
This module offers a way to create and manage Google Kubernetes Engine (GKE) [Standard clusters ](https://cloud.google.com/kubernetes-engine/docs/concepts/choose-cluster-mode#why-standard ). With its sensible default settings based on best practices and authors' experience as Google Cloud practitioners, the module accommodates for many common use cases out-of-the-box, without having to rely on verbose configuration.
> [!IMPORTANT]
> This module should be used together with the [`gke-nodepool`](../gke-nodepool/) module because the default node pool is deleted upon cluster creation and cannot be re-created.
<!-- BEGIN TOC -->
- [Example ](#example )
- [GKE Standard cluster ](#gke-standard-cluster )
- [Enable Dataplane V2 ](#enable-dataplane-v2 )
- [Managing GKE logs ](#managing-gke-logs )
- [Monitoring configuration ](#monitoring-configuration )
- [Disable GKE logs or metrics collection ](#disable-gke-logs-or-metrics-collection )
- [Cloud DNS ](#cloud-dns )
- [Backup for GKE ](#backup-for-gke )
- [Automatic creation of new secondary ranges ](#automatic-creation-of-new-secondary-ranges )
- [Variables ](#variables )
- [Outputs ](#outputs )
<!-- END TOC -->
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
## Example
2023-09-14 15:25:57 -07:00
### GKE Standard cluster
This example shows how to [create a zonal GKE cluster in Standard mode ](https://cloud.google.com/kubernetes-engine/docs/how-to/creating-a-zonal-cluster ).
2021-06-04 03:29:12 -07:00
```hcl
module "cluster-1" {
2023-04-21 05:08:13 -07:00
source = "./fabric/modules/gke-cluster-standard"
2022-10-10 00:38:21 -07:00
project_id = "myproject"
name = "cluster-1"
location = "europe-west1-b"
vpc_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
secondary_range_names = {
pods = "pods"
services = "services"
}
master_authorized_ranges = {
internal-vms = "10.0.0.0/8"
}
2022-12-16 03:53:56 -08:00
master_ipv4_cidr_block = "192.168.0.0/28"
2021-06-04 03:29:12 -07:00
}
2022-10-10 00:38:21 -07:00
max_pods_per_node = 32
2021-06-04 03:29:12 -07:00
private_cluster_config = {
enable_private_endpoint = true
master_global_access = false
}
labels = {
environment = "dev"
}
}
2023-01-19 04:03:30 -08:00
# tftest modules=1 resources=1 inventory=basic.yaml
2021-06-04 03:29:12 -07:00
```
2023-09-14 15:25:57 -07:00
### Enable Dataplane V2
This example shows how to [create a zonal GKE Cluster with Dataplane V2 enabled ](https://cloud.google.com/kubernetes-engine/docs/how-to/dataplane-v2 ).
2021-06-04 03:29:12 -07:00
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
```hcl
module "cluster-1" {
2023-04-21 05:08:13 -07:00
source = "./fabric/modules/gke-cluster-standard"
2022-10-10 00:38:21 -07:00
project_id = "myproject"
2023-01-19 04:03:30 -08:00
name = "cluster-dataplane-v2"
2022-10-10 00:38:21 -07:00
location = "europe-west1-b"
vpc_config = {
2023-09-14 03:51:43 -07:00
network = var.vpc.self_link
subnetwork = var.subnet.self_link
secondary_range_names = {} # use default names "pods" and "services"
2022-10-10 00:38:21 -07:00
master_authorized_ranges = {
internal-vms = "10.0.0.0/8"
}
2022-12-16 03:53:56 -08:00
master_ipv4_cidr_block = "192.168.0.0/28"
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
}
private_cluster_config = {
enable_private_endpoint = true
2021-04-07 00:50:40 -07:00
master_global_access = false
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
}
2022-10-10 00:38:21 -07:00
enable_features = {
2023-10-06 01:05:54 -07:00
dataplane_v2 = true
fqdn_network_policy = true
workload_identity = true
2022-10-10 00:38:21 -07:00
}
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
labels = {
environment = "dev"
}
}
2023-01-19 04:03:30 -08:00
# tftest modules=1 resources=1 inventory=dataplane-v2.yaml
```
2023-02-10 02:10:34 -08:00
2023-08-31 04:49:15 -07:00
### Managing GKE logs
This example shows you how to [control which logs are sent from your GKE cluster to Cloud Logging ](https://cloud.google.com/stackdriver/docs/solutions/gke/installing ).
When you create a new GKE cluster, [Cloud Operations for GKE ](https://cloud.google.com/stackdriver/docs/solutions/gke ) integration with Cloud Logging is enabled by default and [System logs ](https://cloud.google.com/stackdriver/docs/solutions/gke/managing-logs#what_logs ) are collected. You can enable collection of several other [types of logs ](https://cloud.google.com/stackdriver/docs/solutions/gke/managing-logs#what_logs ). The following example enables collection of *all* optional logs.
```hcl
module "cluster-1" {
source = "./fabric/modules/gke-cluster-standard"
project_id = "myproject"
name = "cluster-1"
location = "europe-west1-b"
vpc_config = {
2023-09-14 03:51:43 -07:00
network = var.vpc.self_link
subnetwork = var.subnet.self_link
secondary_range_names = {}
2023-08-31 04:49:15 -07:00
}
logging_config = {
enable_workloads_logs = true
enable_api_server_logs = true
enable_scheduler_logs = true
enable_controller_manager_logs = true
}
}
# tftest modules=1 resources=1 inventory=logging-config-enable-all.yaml
```
2023-09-14 15:25:57 -07:00
### Monitoring configuration
2023-09-15 04:18:45 -07:00
This example shows how to [configure collection of Kubernetes control plane metrics ](https://cloud.google.com/stackdriver/docs/solutions/gke/managing-metrics#enable-control-plane-metrics ). These metrics are optional and are not collected by default.
2023-09-14 15:25:57 -07:00
```hcl
module "cluster-1" {
source = "./fabric/modules/gke-cluster-standard"
project_id = "myproject"
name = "cluster-1"
location = "europe-west1-b"
vpc_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
2023-09-15 04:18:45 -07:00
secondary_range_names = {} # use default names "pods" and "services"
2023-09-14 15:25:57 -07:00
}
monitoring_config = {
enable_api_server_metrics = true
enable_controller_manager_metrics = true
enable_scheduler_metrics = true
}
}
# tftest modules=1 resources=1 inventory=monitoring-config-control-plane.yaml
```
2023-09-15 04:18:45 -07:00
The next example shows how to [configure collection of kube state metrics ](https://cloud.google.com/stackdriver/docs/solutions/gke/managing-metrics#enable-ksm ). These metrics are optional and are not collected by default.
```hcl
module "cluster-1" {
source = "./fabric/modules/gke-cluster-standard"
project_id = "myproject"
name = "cluster-1"
location = "europe-west1-b"
vpc_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
secondary_range_names = {} # use default names "pods" and "services"
}
monitoring_config = {
enable_daemonset_metrics = true
enable_deployment_metrics = true
enable_hpa_metrics = true
enable_pod_metrics = true
enable_statefulset_metrics = true
enable_storage_metrics = true
# Kube state metrics collection requires Google Cloud Managed Service for Prometheus,
# which is enabled by default.
# enable_managed_prometheus = true
}
}
# tftest modules=1 resources=1 inventory=monitoring-config-kube-state.yaml
```
The *control plane metrics* and *kube state metrics* collection can be configured in a single `monitoring_config` block.
2023-08-31 04:49:15 -07:00
2023-09-14 15:25:57 -07:00
### Disable GKE logs or metrics collection
2023-08-31 04:49:15 -07:00
2023-09-14 15:25:57 -07:00
> [!WARNING]
2023-08-31 04:49:15 -07:00
> If you've disabled Cloud Logging or Cloud Monitoring, GKE customer support
> is offered on a best-effort basis and might require additional effort
> from your engineering team.
2023-09-14 15:25:57 -07:00
This example shows how to fully disable logs collection on a zonal GKE Standard cluster. This is not recommended.
2023-08-31 04:49:15 -07:00
```hcl
module "cluster-1" {
source = "./fabric/modules/gke-cluster-standard"
project_id = "myproject"
name = "cluster-1"
location = "europe-west1-b"
vpc_config = {
2023-09-14 03:51:43 -07:00
network = var.vpc.self_link
subnetwork = var.subnet.self_link
secondary_range_names = {}
2023-08-31 04:49:15 -07:00
}
logging_config = {
enable_system_logs = false
}
}
# tftest modules=1 resources=1 inventory=logging-config-disable-all.yaml
```
2023-09-15 04:18:45 -07:00
The next example shows how to fully disable metrics collection on a zonal GKE Standard cluster. This is not recommended.
2023-09-14 15:25:57 -07:00
```hcl
module "cluster-1" {
source = "./fabric/modules/gke-cluster-standard"
project_id = "myproject"
name = "cluster-1"
location = "europe-west1-b"
vpc_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
secondary_range_names = {}
}
monitoring_config = {
enable_system_metrics = false
enable_managed_prometheus = false
}
}
# tftest modules=1 resources=1 inventory=monitoring-config-disable-all.yaml
```
2023-02-10 02:10:34 -08:00
### Cloud DNS
This example shows how to [use Cloud DNS as a Kubernetes DNS provider ](https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-dns ) for GKE Standard clusters.
```hcl
module "cluster-1" {
2023-04-21 05:08:13 -07:00
source = "./fabric/modules/gke-cluster-standard"
2023-02-10 02:10:34 -08:00
project_id = var.project_id
name = "cluster-1"
location = "europe-west1-b"
vpc_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
2023-09-14 03:51:43 -07:00
secondary_range_names = {}
2023-02-10 02:10:34 -08:00
}
enable_features = {
dns = {
provider = "CLOUD_DNS"
scope = "CLUSTER_SCOPE"
domain = "gke.local"
}
}
}
# tftest modules=1 resources=1 inventory=dns.yaml
```
2023-03-24 07:59:18 -07:00
### Backup for GKE
2023-09-14 15:25:57 -07:00
> [!NOTE]
> Although Backup for GKE can be enabled as an add-on when configuring your GKE clusters, it is a separate service from GKE.
[Backup for GKE ](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/concepts/backup-for-gke ) is a service for backing up and restoring workloads in GKE clusters. It has two components:
* A [Google Cloud API ](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest ) that serves as the control plane for the service.
* A GKE add-on (the [Backup for GKE agent ](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/concepts/backup-for-gke#agent_overview )) that must be enabled in each cluster for which you wish to perform backup and restore operations.
This example shows how to [enable Backup for GKE on a new zonal GKE Standard cluster ](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/how-to/install#enable_on_a_new_cluster_optional ) and [plan a set of backups ](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/how-to/backup-plan ).
2023-03-24 07:59:18 -07:00
```hcl
module "cluster-1" {
2023-04-21 05:08:13 -07:00
source = "./fabric/modules/gke-cluster-standard"
2023-03-24 07:59:18 -07:00
project_id = var.project_id
name = "cluster-1"
2023-03-29 02:57:40 -07:00
location = "europe-west1-b"
2023-03-24 07:59:18 -07:00
vpc_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
2023-09-14 03:56:17 -07:00
secondary_range_names = {}
2023-03-24 07:59:18 -07:00
}
2023-03-29 02:57:40 -07:00
backup_configs = {
2023-03-24 07:59:18 -07:00
enable_backup_agent = true
backup_plans = {
"backup-1" = {
2023-10-19 10:54:22 -07:00
region = "europe-west2"
2023-03-29 02:57:40 -07:00
schedule = "0 9 * * 1"
2023-10-19 10:54:22 -07:00
applications = {
namespace-1 = ["app-1", "app-2"]
}
2023-03-29 02:57:40 -07:00
}
2023-03-24 07:59:18 -07:00
}
}
}
2023-03-29 02:57:40 -07:00
# tftest modules=1 resources=2 inventory=backup.yaml
2023-03-24 07:59:18 -07:00
```
2023-09-14 04:08:43 -07:00
### Automatic creation of new secondary ranges
You can use `var.vpc_config.secondary_range_blocks` to let GKE create new secondary ranges for the cluster. The example below reserves an available /14 block for pods and a /20 for services.
```hcl
module "cluster-1" {
source = "./fabric/modules/gke-cluster-standard"
project_id = var.project_id
name = "cluster-1"
location = "europe-west1-b"
vpc_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
secondary_range_blocks = {
pods = ""
services = "/20" # can be an empty string as well
}
}
}
# tftest modules=1 resources=1
```
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
<!-- BEGIN TFDOC -->
## Variables
| name | description | type | required | default |
2021-12-20 23:51:51 -08:00
|---|---|:---:|:---:|:---:|
2023-12-12 11:17:51 -08:00
| [location ](variables.tf#L211 ) | Cluster zone or region. | < code > string</ code > | ✓ | |
| [name ](variables.tf#L322 ) | Cluster name. | < code > string</ code > | ✓ | |
| [project_id ](variables.tf#L358 ) | Cluster project id. | < code > string</ code > | ✓ | |
| [vpc_config ](variables.tf#L369 ) | VPC-level configuration. | < code title = "object({ network = string subnetwork = string master_ipv4_cidr_block = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = optional(string, "pods") services = optional(string, "services") })) master_authorized_ranges = optional(map(string)) stack_type = optional(string) })" > object({…}) </ code > | ✓ | |
2023-10-19 10:54:22 -07:00
| [backup_configs ](variables.tf#L17 ) | Configuration for Backup for GKE. | < code title = "object({ enable_backup_agent = optional(bool, false) backup_plans = optional(map(object({ region = string applications = optional(map(list(string))) encryption_key = optional(string) include_secrets = optional(bool, true) include_volume_data = optional(bool, true) namespaces = optional(list(string)) schedule = optional(string) retention_policy_days = optional(number) retention_policy_lock = optional(bool, false) retention_policy_delete_lock_days = optional(number) })), {}) })" > object({…}) </ code > | | < code > {} </ code > |
2023-12-12 11:17:51 -08:00
| [cluster_autoscaling ](variables.tf#L38 ) | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | < code title = "object({ autoscaling_profile = optional(string, "BALANCED") auto_provisioning_defaults = optional(object({ boot_disk_kms_key = optional(string) disk_size = optional(number) disk_type = optional(string, "pd-standard") image_type = optional(string) oauth_scopes = optional(list(string)) service_account = optional(string) management = optional(object({ auto_repair = optional(bool, true) auto_upgrade = optional(bool, true) })) shielded_instance_config = optional(object({ integrity_monitoring = optional(bool, true) secure_boot = optional(bool, false) })) upgrade_settings = optional(object({ blue_green = optional(object({ node_pool_soak_duration = optional(string) standard_rollout_policy = optional(object({ batch_percentage = optional(number) batch_node_count = optional(number) batch_soak_duration = optional(string) })) })) surge = optional(object({ max = optional(number) unavailable = optional(number) })) })) })) cpu_limits = optional(object({ min = number max = number })) mem_limits = optional(object({ min = number max = number })) gpu_resources = optional(list(object({ resource_type = string min = number max = number }))) })" > object({…}) </ code > | | < code > null</ code > |
| [deletion_protection ](variables.tf#L115 ) | Whether or not to allow Terraform to destroy the cluster. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail. | < code > bool</ code > | | < code > true</ code > |
| [description ](variables.tf#L122 ) | Cluster description. | < code > string</ code > | | < code > null</ code > |
| [enable_addons ](variables.tf#L128 ) | Addons enabled in the cluster (true means enabled). | < code title = "object({ cloudrun = optional(bool, false) config_connector = optional(bool, false) dns_cache = optional(bool, false) gce_persistent_disk_csi_driver = optional(bool, false) gcp_filestore_csi_driver = optional(bool, false) gcs_fuse_csi_driver = optional(bool, false) horizontal_pod_autoscaling = optional(bool, false) http_load_balancing = optional(bool, false) istio = optional(object({ enable_tls = bool })) kalm = optional(bool, false) network_policy = optional(bool, false) })" > object({…}) </ code > | | < code title = "{ horizontal_pod_autoscaling = true http_load_balancing = true }" > {…} </ code > |
| [enable_features ](variables.tf#L152 ) | Enable cluster-level features. Certain features allow configuration. | < code title = "object({ binary_authorization = optional(bool, false) cost_management = optional(bool, false) dns = optional(object({ provider = optional(string) scope = optional(string) domain = optional(string) })) database_encryption = optional(object({ state = string key_name = string })) dataplane_v2 = optional(bool, false) fqdn_network_policy = optional(bool, false) gateway_api = optional(bool, false) groups_for_rbac = optional(string) image_streaming = optional(bool, false) intranode_visibility = optional(bool, false) l4_ilb_subsetting = optional(bool, false) mesh_certificates = optional(bool) pod_security_policy = optional(bool, false) resource_usage_export = optional(object({ dataset = string enable_network_egress_metering = optional(bool) enable_resource_consumption_metering = optional(bool) })) shielded_nodes = optional(bool, false) tpu = optional(bool, false) upgrade_notifications = optional(object({ topic_id = optional(string) })) vertical_pod_autoscaling = optional(bool, false) workload_identity = optional(bool, true) })" > object({…}) </ code > | | < code title = "{ workload_identity = true }" > {…} </ code > |
| [issue_client_certificate ](variables.tf#L199 ) | Enable issuing client certificate. | < code > bool</ code > | | < code > false</ code > |
| [labels ](variables.tf#L205 ) | Cluster resource labels. | < code > map( string) </ code > | | < code > null</ code > |
| [logging_config ](variables.tf#L216 ) | Logging configuration. | < code title = "object({ enable_system_logs = optional(bool, true) enable_workloads_logs = optional(bool, false) enable_api_server_logs = optional(bool, false) enable_scheduler_logs = optional(bool, false) enable_controller_manager_logs = optional(bool, false) })" > object({…}) </ code > | | < code > {} </ code > |
| [maintenance_config ](variables.tf#L237 ) | Maintenance window configuration. | < code title = "object({ daily_window_start_time = optional(string) recurring_window = optional(object({ start_time = string end_time = string recurrence = string })) maintenance_exclusions = optional(list(object({ name = string start_time = string end_time = string scope = optional(string) }))) })" > object({…}) </ code > | | < code title = "{ daily_window_start_time = "03:00" recurring_window = null maintenance_exclusion = [] }" > {…} </ code > |
| [max_pods_per_node ](variables.tf#L260 ) | Maximum number of pods per node in this cluster. | < code > number</ code > | | < code > 110</ code > |
| [min_master_version ](variables.tf#L266 ) | Minimum version of the master, defaults to the version of the most recent official release. | < code > string</ code > | | < code > null</ code > |
| [monitoring_config ](variables.tf#L272 ) | Monitoring configuration. Google Cloud Managed Service for Prometheus is enabled by default. | < code title = "object({ enable_system_metrics = optional(bool, true) enable_api_server_metrics = optional(bool, false) enable_controller_manager_metrics = optional(bool, false) enable_scheduler_metrics = optional(bool, false) enable_daemonset_metrics = optional(bool, false) enable_deployment_metrics = optional(bool, false) enable_hpa_metrics = optional(bool, false) enable_pod_metrics = optional(bool, false) enable_statefulset_metrics = optional(bool, false) enable_storage_metrics = optional(bool, false) enable_managed_prometheus = optional(bool, true) })" > object({…}) </ code > | | < code > {} </ code > |
| [node_config ](variables.tf#L327 ) | Node-level configuration. | < code title = "object({ boot_disk_kms_key = optional(string) service_account = optional(string) tags = optional(list(string)) })" > object({…}) </ code > | | < code > {} </ code > |
| [node_locations ](variables.tf#L337 ) | Zones in which the cluster's nodes are located. | < code > list( string) </ code > | | < code > [] </ code > |
| [private_cluster_config ](variables.tf#L344 ) | Private cluster configuration. | < code title = "object({ enable_private_endpoint = optional(bool) master_global_access = optional(bool) peering_config = optional(object({ export_routes = optional(bool) import_routes = optional(bool) project_id = optional(string) })) })" > object({…}) </ code > | | < code > null</ code > |
| [release_channel ](variables.tf#L363 ) | Release channel for GKE upgrades. | < code > string</ code > | | < code > null</ code > |
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
## Outputs
| name | description | sensitive |
|---|---|:---:|
2022-01-22 04:34:35 -08:00
| [ca_certificate ](outputs.tf#L17 ) | Public certificate of the cluster (base64-encoded). | ✓ |
| [cluster ](outputs.tf#L23 ) | Cluster resource. | ✓ |
| [endpoint ](outputs.tf#L29 ) | Cluster endpoint. | |
2023-06-02 07:07:22 -07:00
| [id ](outputs.tf#L34 ) | FUlly qualified cluster id. | |
2022-07-25 07:13:04 -07:00
| [location ](outputs.tf#L39 ) | Cluster location. | |
| [master_version ](outputs.tf#L44 ) | Master version. | |
| [name ](outputs.tf#L49 ) | Cluster name. | |
| [notifications ](outputs.tf#L54 ) | GKE PubSub notifications topic. | |
| [self_link ](outputs.tf#L59 ) | Cluster self link. | ✓ |
2023-02-24 00:38:05 -08:00
| [workload_identity_pool ](outputs.tf#L65 ) | Workload identity pool. | |
2022-04-20 02:36:53 -07:00
<!-- END TFDOC -->