Dataplane V2 integration (#256)
* Dataplane V2 integration * Moving enable_dataplane_v2 outside addons * Fixing enable_dataplane_v2 position and default value * Fix README with default value * Removing enable_dataplane_v2 from addons * Adding standalone Dataplane V2 Example
parent
f53aba9bba
commit
71031efc7c
|
@ -4,6 +4,8 @@ This module allows simplified creation and management of GKE clusters and should
|
|||
|
||||
## Example
|
||||
|
||||
### GKE Cluster
|
||||
|
||||
```hcl
|
||||
module "cluster-1" {
|
||||
source = "./modules/gke-cluster"
|
||||
|
@ -31,6 +33,36 @@ module "cluster-1" {
|
|||
# tftest:modules=1:resources=1
|
||||
```
|
||||
|
||||
### GKE Cluster with Dataplane V2 enabled
|
||||
|
||||
```hcl
|
||||
module "cluster-1" {
|
||||
source = "./modules/gke-cluster"
|
||||
project_id = "myproject"
|
||||
name = "cluster-1"
|
||||
location = "europe-west1-b"
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
secondary_range_pods = "pods"
|
||||
secondary_range_services = "services"
|
||||
default_max_pods_per_node = 32
|
||||
enable_dataplane_v2 = true
|
||||
master_authorized_ranges = {
|
||||
internal-vms = "10.0.0.0/8"
|
||||
}
|
||||
private_cluster_config = {
|
||||
enable_private_nodes = true
|
||||
enable_private_endpoint = true
|
||||
master_ipv4_cidr_block = "192.168.0.0/28"
|
||||
master_global_access = false
|
||||
}
|
||||
labels = {
|
||||
environment = "dev"
|
||||
}
|
||||
}
|
||||
# tftest:modules=1:resources=1
|
||||
```
|
||||
|
||||
<!-- BEGIN TFDOC -->
|
||||
## Variables
|
||||
|
||||
|
@ -50,6 +82,7 @@ module "cluster-1" {
|
|||
| *default_max_pods_per_node* | Maximum number of pods per node in this cluster. | <code title="">number</code> | | <code title="">110</code> |
|
||||
| *description* | Cluster description. | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *enable_binary_authorization* | Enable Google Binary Authorization. | <code title="">bool</code> | | <code title="">null</code> |
|
||||
| *enable_dataplane_v2* | Enable Dataplane V2 on the cluster, will disable network_policy addons config | <code title="">bool</code> | | <code title="">false</code> |
|
||||
| *enable_intranode_visibility* | Enable intra-node visibility to make same node pod to pod traffic visible. | <code title="">bool</code> | | <code title="">null</code> |
|
||||
| *enable_shielded_nodes* | Enable Shielded Nodes features on all nodes in this cluster. | <code title="">bool</code> | | <code title="">null</code> |
|
||||
| *enable_tpu* | Enable Cloud TPU resources in this cluster. | <code title="">bool</code> | | <code title="">null</code> |
|
||||
|
|
|
@ -49,7 +49,8 @@ resource "google_container_cluster" "cluster" {
|
|||
enable_tpu = var.enable_tpu
|
||||
initial_node_count = 1
|
||||
remove_default_node_pool = true
|
||||
|
||||
datapath_provider = var.enable_dataplane_v2 ? "ADVANCED_DATAPATH" : "DATAPATH_PROVIDER_UNSPECIFIED"
|
||||
|
||||
# node_config {}
|
||||
# NOTE: Default node_pool is deleted, so node_config (here) is extranneous.
|
||||
# Specify that node_config as an parameter to gke-nodepool module instead.
|
||||
|
@ -120,11 +121,12 @@ resource "google_container_cluster" "cluster" {
|
|||
}
|
||||
}
|
||||
|
||||
#the network_policy block is enabled if network_policy_config and network_dataplane_v2 is set to false. Dataplane V2 has built-in network policies.
|
||||
dynamic "network_policy" {
|
||||
for_each = var.addons.network_policy_config ? [""] : []
|
||||
content {
|
||||
enabled = true
|
||||
provider = "CALICO"
|
||||
enabled = var.enable_dataplane_v2 ? false : true
|
||||
provider = var.enable_dataplane_v2 ? "PROVIDER_UNSPECIFIED" : "CALICO"
|
||||
}
|
||||
}
|
||||
|
||||
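Review bot: The comment added above `dynamic "network_policy"` in the second hunk does not match the code. It names `network_dataplane_v2`, which is not a variable in this change, and `for_each` still depends only on `var.addons.network_policy_config`, so with `enable_dataplane_v2 = true` the block is still emitted, only with `enabled = false` and `provider = "PROVIDER_UNSPECIFIED"`. I would reword it to `# Emitted when addons.network_policy_config is true; rendered as disabled when enable_dataplane_v2 is set, because Dataplane V2 enforces NetworkPolicy itself.` and write the toggle as `enabled = !var.enable_dataplane_v2`. Whether `addons_config.network_policy_config` is also switched off is not visible in these hunks and should be checked, since the variable description promises it. The resource body starts and ends outside both hunks.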
|
|
|
@ -25,7 +25,9 @@ variable "addons" {
|
|||
enabled = bool
|
||||
tls = bool
|
||||
})
|
||||
|
||||
network_policy_config = bool
|
||||
|
||||
gce_persistent_disk_csi_driver_config = bool
|
||||
})
|
||||
default = {
|
||||
|
@ -42,6 +44,12 @@ variable "addons" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "enable_dataplane_v2" {
|
||||
description = "Enable Dataplane V2 on the cluster, will disable network_policy addons config"
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "authenticator_security_group" {
|
||||
description = "RBAC security group for Google Groups for GKE, format is gke-security-groups@yourdomain.com."
|
||||
type = string
|
||||
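Review bot: The description of `enable_dataplane_v2` in the second hunk does not tell an operator what changing the flag does to an existing cluster. The value feeds `datapath_provider`, which as far as I know the provider treats as a create-time field, so flipping it on a live cluster probably plans a destroy-and-recreate; that should be confirmed with a plan and stated here and in the README table. Suggested text: `description = "Enable Dataplane V2 (sets datapath_provider to ADVANCED_DATAPATH). The Calico network_policy block is rendered as disabled when true. Changing this on an existing cluster may force replacement."`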
|
|