Merge pull request #272 from terraform-google-modules/jccb/autopilot
Autopilot support
commit
278df028f6
|
@ -75,12 +75,13 @@ module "cluster-1" {
|
||||||
| secondary_range_pods | Subnet secondary range name used for pods. | <code title="">string</code> | ✓ | |
|
| secondary_range_pods | Subnet secondary range name used for pods. | <code title="">string</code> | ✓ | |
|
||||||
| secondary_range_services | Subnet secondary range name used for services. | <code title="">string</code> | ✓ | |
|
| secondary_range_services | Subnet secondary range name used for services. | <code title="">string</code> | ✓ | |
|
||||||
| subnetwork | VPC subnetwork name or self link. | <code title="">string</code> | ✓ | |
|
| subnetwork | VPC subnetwork name or self link. | <code title="">string</code> | ✓ | |
|
||||||
| *addons* | Addons enabled in the cluster (true means enabled). | <code title="object({ cloudrun_config = bool dns_cache_config = bool horizontal_pod_autoscaling = bool http_load_balancing = bool istio_config = object({ enabled = bool tls = bool }) network_policy_config = bool gce_persistent_disk_csi_driver_config = bool })">object({...})</code> | | <code title="{ cloudrun_config = false dns_cache_config = false horizontal_pod_autoscaling = true http_load_balancing = true istio_config = { enabled = false tls = false } network_policy_config = false gce_persistent_disk_csi_driver_config = false }">...</code> |
|
| *addons* | Addons enabled in the cluster (true means enabled). | <code title="object({ cloudrun_config = bool dns_cache_config = bool horizontal_pod_autoscaling = bool http_load_balancing = bool istio_config = object({ enabled = bool tls = bool }) network_policy_config = bool gce_persistent_disk_csi_driver_config = bool })">object({...})</code> | | <code title="{ cloudrun_config = false dns_cache_config = false horizontal_pod_autoscaling = true http_load_balancing = true istio_config = { enabled = false tls = false } network_policy_config = false gce_persistent_disk_csi_driver_config = false }">...</code> |
|
||||||
| *authenticator_security_group* | RBAC security group for Google Groups for GKE, format is gke-security-groups@yourdomain.com. | <code title="">string</code> | | <code title="">null</code> |
|
| *authenticator_security_group* | RBAC security group for Google Groups for GKE, format is gke-security-groups@yourdomain.com. | <code title="">string</code> | | <code title="">null</code> |
|
||||||
| *cluster_autoscaling* | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | <code title="object({ enabled = bool cpu_min = number cpu_max = number memory_min = number memory_max = number })">object({...})</code> | | <code title="{ enabled = false cpu_min = 0 cpu_max = 0 memory_min = 0 memory_max = 0 }">...</code> |
|
| *cluster_autoscaling* | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | <code title="object({ enabled = bool cpu_min = number cpu_max = number memory_min = number memory_max = number })">object({...})</code> | | <code title="{ enabled = false cpu_min = 0 cpu_max = 0 memory_min = 0 memory_max = 0 }">...</code> |
|
||||||
| *database_encryption* | Enable and configure GKE application-layer secrets encryption. | <code title="object({ enabled = bool state = string key_name = string })">object({...})</code> | | <code title="{ enabled = false state = "DECRYPTED" key_name = null }">...</code> |
|
| *database_encryption* | Enable and configure GKE application-layer secrets encryption. | <code title="object({ enabled = bool state = string key_name = string })">object({...})</code> | | <code title="{ enabled = false state = "DECRYPTED" key_name = null }">...</code> |
|
||||||
| *default_max_pods_per_node* | Maximum number of pods per node in this cluster. | <code title="">number</code> | | <code title="">110</code> |
|
| *default_max_pods_per_node* | Maximum number of pods per node in this cluster. | <code title="">number</code> | | <code title="">110</code> |
|
||||||
| *description* | Cluster description. | <code title="">string</code> | | <code title="">null</code> |
|
| *description* | Cluster description. | <code title="">string</code> | | <code title="">null</code> |
|
||||||
|
| *enable_autopilot* | Create cluster in autopilot mode. With autopilot there's no need to create node-pools and some features are not supported (e.g. setting default_max_pods_per_node) | <code title="">bool</code> | | <code title="">false</code> |
|
||||||
| *enable_binary_authorization* | Enable Google Binary Authorization. | <code title="">bool</code> | | <code title="">null</code> |
|
| *enable_binary_authorization* | Enable Google Binary Authorization. | <code title="">bool</code> | | <code title="">null</code> |
|
||||||
| *enable_dataplane_v2* | Enable Dataplane V2 on the cluster, will disable network_policy addons config | <code title="">bool</code> | | <code title="">false</code> |
|
| *enable_dataplane_v2* | Enable Dataplane V2 on the cluster, will disable network_policy addons config | <code title="">bool</code> | | <code title="">false</code> |
|
||||||
| *enable_intranode_visibility* | Enable intra-node visibility to make same node pod to pod traffic visible. | <code title="">bool</code> | | <code title="">null</code> |
|
| *enable_intranode_visibility* | Enable intra-node visibility to make same node pod to pod traffic visible. | <code title="">bool</code> | | <code title="">null</code> |
|
||||||
|
|
|
@ -42,15 +42,16 @@ resource "google_container_cluster" "cluster" {
|
||||||
logging_service = var.logging_service
|
logging_service = var.logging_service
|
||||||
monitoring_service = var.monitoring_service
|
monitoring_service = var.monitoring_service
|
||||||
resource_labels = var.labels
|
resource_labels = var.labels
|
||||||
default_max_pods_per_node = var.default_max_pods_per_node
|
default_max_pods_per_node = var.enable_autopilot ? null : var.default_max_pods_per_node
|
||||||
enable_binary_authorization = var.enable_binary_authorization
|
enable_binary_authorization = var.enable_binary_authorization
|
||||||
enable_intranode_visibility = var.enable_intranode_visibility
|
enable_intranode_visibility = var.enable_intranode_visibility
|
||||||
enable_shielded_nodes = var.enable_shielded_nodes
|
enable_shielded_nodes = var.enable_shielded_nodes
|
||||||
enable_tpu = var.enable_tpu
|
enable_tpu = var.enable_tpu
|
||||||
initial_node_count = 1
|
initial_node_count = 1
|
||||||
remove_default_node_pool = true
|
remove_default_node_pool = var.enable_autopilot ? null : true
|
||||||
datapath_provider = var.enable_dataplane_v2 ? "ADVANCED_DATAPATH" : "DATAPATH_PROVIDER_UNSPECIFIED"
|
datapath_provider = var.enable_dataplane_v2 ? "ADVANCED_DATAPATH" : "DATAPATH_PROVIDER_UNSPECIFIED"
|
||||||
|
enable_autopilot = var.enable_autopilot == true ? true : null
|
||||||
|
|
||||||
# node_config {}
|
# node_config {}
|
||||||
# NOTE: Default node_pool is deleted, so node_config (here) is extranneous.
|
# NOTE: Default node_pool is deleted, so node_config (here) is extranneous.
|
||||||
# Specify that node_config as an parameter to gke-nodepool module instead.
|
# Specify that node_config as an parameter to gke-nodepool module instead.
|
||||||
|
@ -66,8 +67,11 @@ resource "google_container_cluster" "cluster" {
|
||||||
horizontal_pod_autoscaling {
|
horizontal_pod_autoscaling {
|
||||||
disabled = !var.addons.horizontal_pod_autoscaling
|
disabled = !var.addons.horizontal_pod_autoscaling
|
||||||
}
|
}
|
||||||
network_policy_config {
|
dynamic "network_policy_config" {
|
||||||
disabled = !var.addons.network_policy_config
|
for_each = !var.enable_autopilot ? [""] : []
|
||||||
|
content {
|
||||||
|
disabled = !var.addons.network_policy_config
|
||||||
|
}
|
||||||
}
|
}
|
||||||
cloudrun_config {
|
cloudrun_config {
|
||||||
disabled = !var.addons.cloudrun_config
|
disabled = !var.addons.cloudrun_config
|
||||||
|
@ -125,7 +129,7 @@ resource "google_container_cluster" "cluster" {
|
||||||
dynamic "network_policy" {
|
dynamic "network_policy" {
|
||||||
for_each = var.addons.network_policy_config ? [""] : []
|
for_each = var.addons.network_policy_config ? [""] : []
|
||||||
content {
|
content {
|
||||||
enabled = var.enable_dataplane_v2 ? false : true
|
enabled = var.enable_dataplane_v2 ? false : true
|
||||||
provider = var.enable_dataplane_v2 ? "PROVIDER_UNSPECIFIED" : "CALICO"
|
provider = var.enable_dataplane_v2 ? "PROVIDER_UNSPECIFIED" : "CALICO"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -217,7 +221,7 @@ resource "google_container_cluster" "cluster" {
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic "workload_identity_config" {
|
dynamic "workload_identity_config" {
|
||||||
for_each = var.workload_identity ? [""] : []
|
for_each = var.workload_identity && !var.enable_autopilot ? [""] : []
|
||||||
content {
|
content {
|
||||||
identity_namespace = "${var.project_id}.svc.id.goog"
|
identity_namespace = "${var.project_id}.svc.id.goog"
|
||||||
}
|
}
|
||||||
|
|
|
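Review bot: In the hunk at `-125,7 +129,7`, `dynamic "network_policy"` is still driven only by `var.addons.network_policy_config`, while this commit omits the matching `network_policy_config` addon block whenever `var.enable_autopilot` is true. An Autopilot cluster with the addon flag set therefore still gets a `network_policy` block but no addon block. If Autopilot is meant to own network policy, the same guard is needed there: `for_each = var.addons.network_policy_config && !var.enable_autopilot ? [""] : []`. Whether the API rejects the current combination is not visible from this page, and the resource body starts and ends outside these hunks.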
@ -25,9 +25,7 @@ variable "addons" {
|
||||||
enabled = bool
|
enabled = bool
|
||||||
tls = bool
|
tls = bool
|
||||||
})
|
})
|
||||||
|
network_policy_config = bool
|
||||||
network_policy_config = bool
|
|
||||||
|
|
||||||
gce_persistent_disk_csi_driver_config = bool
|
gce_persistent_disk_csi_driver_config = bool
|
||||||
})
|
})
|
||||||
default = {
|
default = {
|
||||||
|
@ -39,15 +37,15 @@ variable "addons" {
|
||||||
enabled = false
|
enabled = false
|
||||||
tls = false
|
tls = false
|
||||||
}
|
}
|
||||||
network_policy_config = false
|
network_policy_config = false
|
||||||
gce_persistent_disk_csi_driver_config = false
|
gce_persistent_disk_csi_driver_config = false
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "enable_dataplane_v2" {
|
variable "enable_dataplane_v2" {
|
||||||
description = "Enable Dataplane V2 on the cluster, will disable network_policy addons config"
|
description = "Enable Dataplane V2 on the cluster, will disable network_policy addons config"
|
||||||
type = bool
|
type = bool
|
||||||
default = false
|
default = false
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "authenticator_security_group" {
|
variable "authenticator_security_group" {
|
||||||
|
@ -257,3 +255,10 @@ variable "workload_identity" {
|
||||||
type = bool
|
type = bool
|
||||||
default = true
|
default = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "enable_autopilot" {
|
||||||
|
description = "Create cluster in autopilot mode. With autopilot there's no need to create node-pools and some features are not supported (e.g. setting default_max_pods_per_node)"
|
||||||
|
type = bool
|
||||||
|
default = false
|
||||||
|
}
|
||||||
|
|
||||||
|
|
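Review bot: The `enable_autopilot` description names only `default_max_pods_per_node` as unsupported, but the same commit also makes the module ignore `var.workload_identity` and the `network_policy_config` addon flag when Autopilot is on, and a caller who sets either gets no error. Both are security-relevant inputs, so the description should list them and state for each whether Autopilot enables the control itself or leaves it off. A sentence such as `Ignored in autopilot mode: default_max_pods_per_node, workload_identity, addons.network_policy_config.` would cover the list. The README table row repeats this description and would need the same wording.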