Merge branch 'master' into change-gke-metadata
commit
8894c40153
|
@ -81,17 +81,21 @@ module "cluster-1" {
|
||||||
| *database_encryption* | Enable and configure GKE application-layer secrets encryption. | <code title="object({ enabled = bool state = string key_name = string })">object({...})</code> | | <code title="{ enabled = false state = "DECRYPTED" key_name = null }">...</code> |
|
| *database_encryption* | Enable and configure GKE application-layer secrets encryption. | <code title="object({ enabled = bool state = string key_name = string })">object({...})</code> | | <code title="{ enabled = false state = "DECRYPTED" key_name = null }">...</code> |
|
||||||
| *default_max_pods_per_node* | Maximum number of pods per node in this cluster. | <code title="">number</code> | | <code title="">110</code> |
|
| *default_max_pods_per_node* | Maximum number of pods per node in this cluster. | <code title="">number</code> | | <code title="">110</code> |
|
||||||
| *description* | Cluster description. | <code title="">string</code> | | <code title="">null</code> |
|
| *description* | Cluster description. | <code title="">string</code> | | <code title="">null</code> |
|
||||||
|
| *dns_config* | Configuration for Using Cloud DNS for GKE. | <code title="object({ cluster_dns = string cluster_dns_scope = string cluster_dns_domain = string })">object({...})</code> | | <code title="{ cluster_dns = "PROVIDER_UNSPECIFIED" cluster_dns_scope = "DNS_SCOPE_UNSPECIFIED" cluster_dns_domain = "" }">...</code> |
|
||||||
| *enable_autopilot* | Create cluster in autopilot mode. With autopilot there's no need to create node-pools and some features are not supported (e.g. setting default_max_pods_per_node) | <code title="">bool</code> | | <code title="">false</code> |
|
| *enable_autopilot* | Create cluster in autopilot mode. With autopilot there's no need to create node-pools and some features are not supported (e.g. setting default_max_pods_per_node) | <code title="">bool</code> | | <code title="">false</code> |
|
||||||
| *enable_binary_authorization* | Enable Google Binary Authorization. | <code title="">bool</code> | | <code title="">null</code> |
|
| *enable_binary_authorization* | Enable Google Binary Authorization. | <code title="">bool</code> | | <code title="">null</code> |
|
||||||
| *enable_dataplane_v2* | Enable Dataplane V2 on the cluster, will disable network_policy addons config | <code title="">bool</code> | | <code title="">false</code> |
|
| *enable_dataplane_v2* | Enable Dataplane V2 on the cluster, will disable network_policy addons config | <code title="">bool</code> | | <code title="">false</code> |
|
||||||
| *enable_intranode_visibility* | Enable intra-node visibility to make same node pod to pod traffic visible. | <code title="">bool</code> | | <code title="">null</code> |
|
| *enable_intranode_visibility* | Enable intra-node visibility to make same node pod to pod traffic visible. | <code title="">bool</code> | | <code title="">null</code> |
|
||||||
|
| *enable_l4_ilb_subsetting* | Enable L4ILB Subsetting. | <code title="">bool</code> | | <code title="">null</code> |
|
||||||
| *enable_shielded_nodes* | Enable Shielded Nodes features on all nodes in this cluster. | <code title="">bool</code> | | <code title="">null</code> |
|
| *enable_shielded_nodes* | Enable Shielded Nodes features on all nodes in this cluster. | <code title="">bool</code> | | <code title="">null</code> |
|
||||||
| *enable_tpu* | Enable Cloud TPU resources in this cluster. | <code title="">bool</code> | | <code title="">null</code> |
|
| *enable_tpu* | Enable Cloud TPU resources in this cluster. | <code title="">bool</code> | | <code title="">null</code> |
|
||||||
| *labels* | Cluster resource labels. | <code title="map(string)">map(string)</code> | | <code title="">null</code> |
|
| *labels* | Cluster resource labels. | <code title="map(string)">map(string)</code> | | <code title="">null</code> |
|
||||||
|
| *logging_config* | Logging configuration (enabled components). | <code title="list(string)">list(string)</code> | | <code title="">null</code> |
|
||||||
| *logging_service* | Logging service (disable with an empty string). | <code title="">string</code> | | <code title="">logging.googleapis.com/kubernetes</code> |
|
| *logging_service* | Logging service (disable with an empty string). | <code title="">string</code> | | <code title="">logging.googleapis.com/kubernetes</code> |
|
||||||
| *maintenance_start_time* | Maintenance start time in RFC3339 format 'HH:MM', where HH is [00-23] and MM is [00-59] GMT. | <code title="">string</code> | | <code title="">03:00</code> |
|
| *maintenance_config* | Maintenance window configuration | <code title="object({ daily_maintenance_window = object({ start_time = string }) recurring_window = object({ start_time = string end_time = string recurrence = string }) maintenance_exclusion = list(object({ exclusion_name = string start_time = string end_time = string })) })">object({...})</code> | | <code title="{ daily_maintenance_window = { start_time = "03:00" } recurring_window = null maintenance_exclusion = [] }">...</code> |
|
||||||
| *master_authorized_ranges* | External Ip address ranges that can access the Kubernetes cluster master through HTTPS. | <code title="map(string)">map(string)</code> | | <code title="">{}</code> |
|
| *master_authorized_ranges* | External Ip address ranges that can access the Kubernetes cluster master through HTTPS. | <code title="map(string)">map(string)</code> | | <code title="">{}</code> |
|
||||||
| *min_master_version* | Minimum version of the master, defaults to the version of the most recent official release. | <code title="">string</code> | | <code title="">null</code> |
|
| *min_master_version* | Minimum version of the master, defaults to the version of the most recent official release. | <code title="">string</code> | | <code title="">null</code> |
|
||||||
|
| *monitoring_config* | Monitoring configuration (enabled components). | <code title="list(string)">list(string)</code> | | <code title="">null</code> |
|
||||||
| *monitoring_service* | Monitoring service (disable with an empty string). | <code title="">string</code> | | <code title="">monitoring.googleapis.com/kubernetes</code> |
|
| *monitoring_service* | Monitoring service (disable with an empty string). | <code title="">string</code> | | <code title="">monitoring.googleapis.com/kubernetes</code> |
|
||||||
| *node_locations* | Zones in which the cluster's nodes are located. | <code title="list(string)">list(string)</code> | | <code title="">[]</code> |
|
| *node_locations* | Zones in which the cluster's nodes are located. | <code title="list(string)">list(string)</code> | | <code title="">[]</code> |
|
||||||
| *peering_config* | Configure peering with the master VPC for private clusters. | <code title="object({ export_routes = bool import_routes = bool project_id = string })">object({...})</code> | | <code title="">null</code> |
|
| *peering_config* | Configure peering with the master VPC for private clusters. | <code title="object({ export_routes = bool import_routes = bool project_id = string })">object({...})</code> | | <code title="">null</code> |
|
||||||
|
|
|
@ -39,12 +39,13 @@ resource "google_container_cluster" "cluster" {
|
||||||
min_master_version = var.min_master_version
|
min_master_version = var.min_master_version
|
||||||
network = var.network
|
network = var.network
|
||||||
subnetwork = var.subnetwork
|
subnetwork = var.subnetwork
|
||||||
logging_service = var.logging_service
|
logging_service = var.logging_config == null ? var.logging_service : null
|
||||||
monitoring_service = var.monitoring_service
|
monitoring_service = var.monitoring_config == null ? var.monitoring_service : null
|
||||||
resource_labels = var.labels
|
resource_labels = var.labels
|
||||||
default_max_pods_per_node = var.enable_autopilot ? null : var.default_max_pods_per_node
|
default_max_pods_per_node = var.enable_autopilot ? null : var.default_max_pods_per_node
|
||||||
enable_binary_authorization = var.enable_binary_authorization
|
enable_binary_authorization = var.enable_binary_authorization
|
||||||
enable_intranode_visibility = var.enable_intranode_visibility
|
enable_intranode_visibility = var.enable_intranode_visibility
|
||||||
|
enable_l4_ilb_subsetting = var.enable_l4_ilb_subsetting
|
||||||
enable_shielded_nodes = var.enable_shielded_nodes
|
enable_shielded_nodes = var.enable_shielded_nodes
|
||||||
enable_tpu = var.enable_tpu
|
enable_tpu = var.enable_tpu
|
||||||
initial_node_count = 1
|
initial_node_count = 1
|
||||||
|
@ -92,11 +93,34 @@ resource "google_container_cluster" "cluster" {
|
||||||
services_secondary_range_name = var.secondary_range_services
|
services_secondary_range_name = var.secondary_range_services
|
||||||
}
|
}
|
||||||
|
|
||||||
# TODO(ludomagno): make optional, and support beta feature
|
|
||||||
# https://www.terraform.io/docs/providers/google/r/container_cluster.html#daily_maintenance_window
|
# https://www.terraform.io/docs/providers/google/r/container_cluster.html#daily_maintenance_window
|
||||||
maintenance_policy {
|
maintenance_policy {
|
||||||
daily_maintenance_window {
|
dynamic "daily_maintenance_window" {
|
||||||
start_time = var.maintenance_start_time
|
for_each = var.maintenance_config != null && lookup(var.maintenance_config, "daily_maintenance_window", null) != null ? [var.maintenance_config.daily_maintenance_window] : []
|
||||||
|
iterator = config
|
||||||
|
content {
|
||||||
|
start_time = config.value.start_time
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "recurring_window" {
|
||||||
|
for_each = var.maintenance_config != null && lookup(var.maintenance_config, "recurring_window", null) != null ? [var.maintenance_config.recurring_window] : []
|
||||||
|
iterator = config
|
||||||
|
content {
|
||||||
|
start_time = config.value.start_time
|
||||||
|
end_time = config.value.end_time
|
||||||
|
recurrence = config.value.recurrence
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "maintenance_exclusion" {
|
||||||
|
for_each = var.maintenance_config != null && lookup(var.maintenance_config, "maintenance_exclusion", null) != null ? var.maintenance_config.maintenance_exclusion : []
|
||||||
|
iterator = config
|
||||||
|
content {
|
||||||
|
exclusion_name = config.value.exclusion_name
|
||||||
|
start_time = config.value.start_time
|
||||||
|
end_time = config.value.end_time
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -227,6 +251,29 @@ resource "google_container_cluster" "cluster" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
dynamic "monitoring_config" {
|
||||||
|
for_each = var.monitoring_config != null ? [""] : []
|
||||||
|
content {
|
||||||
|
enable_components = var.monitoring_config
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "logging_config" {
|
||||||
|
for_each = var.logging_config != null ? [""] : []
|
||||||
|
content {
|
||||||
|
enable_components = var.logging_config
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "dns_config" {
|
||||||
|
for_each = var.dns_config != null ? [var.dns_config] : []
|
||||||
|
iterator = config
|
||||||
|
content {
|
||||||
|
cluster_dns = config.value.cluster_dns
|
||||||
|
cluster_dns_scope = config.value.cluster_dns_scope
|
||||||
|
cluster_dns_domain = config.value.cluster_dns_domain
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_network_peering_routes_config" "gke_master" {
|
resource "google_compute_network_peering_routes_config" "gke_master" {
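Review bot: The new ternaries on `logging_service` and `monitoring_service` switch only on whether `var.logging_config` / `var.monitoring_config` is null, so an empty list counts as "set": the service attribute is nulled and the `dynamic "logging_config"` block is emitted with `enable_components = []`, which presumably turns off log collection for the cluster without the caller ever writing `logging_service = ""`. The same applies to monitoring. Cluster logs are what detection and incident response depend on, so the precedence should be documented next to the two attributes, e.g. `# logging_config, when non-null, replaces logging_service; [] disables logging`, and the empty list should be either rejected or explicitly documented. The `google_container_cluster` resource begins and ends outside these hunks, so interactions with attributes not shown here were not checked.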
|
||||||
|
|
|
@ -92,6 +92,20 @@ variable "description" {
|
||||||
default = null
|
default = null
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "dns_config" {
|
||||||
|
description = "Configuration for Using Cloud DNS for GKE."
|
||||||
|
type = object({
|
||||||
|
cluster_dns = string
|
||||||
|
cluster_dns_scope = string
|
||||||
|
cluster_dns_domain = string
|
||||||
|
})
|
||||||
|
default = {
|
||||||
|
cluster_dns = "PROVIDER_UNSPECIFIED"
|
||||||
|
cluster_dns_scope = "DNS_SCOPE_UNSPECIFIED"
|
||||||
|
cluster_dns_domain = ""
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
variable "enable_autopilot" {
|
variable "enable_autopilot" {
|
||||||
description = "Create cluster in autopilot mode. With autopilot there's no need to create node-pools and some features are not supported (e.g. setting default_max_pods_per_node)"
|
description = "Create cluster in autopilot mode. With autopilot there's no need to create node-pools and some features are not supported (e.g. setting default_max_pods_per_node)"
|
||||||
type = bool
|
type = bool
|
||||||
|
@ -116,6 +130,12 @@ variable "enable_intranode_visibility" {
|
||||||
default = null
|
default = null
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "enable_l4_ilb_subsetting" {
|
||||||
|
description = "Enable L4ILB Subsetting."
|
||||||
|
type = bool
|
||||||
|
default = null
|
||||||
|
}
|
||||||
|
|
||||||
variable "enable_shielded_nodes" {
|
variable "enable_shielded_nodes" {
|
||||||
description = "Enable Shielded Nodes features on all nodes in this cluster."
|
description = "Enable Shielded Nodes features on all nodes in this cluster."
|
||||||
type = bool
|
type = bool
|
||||||
|
@ -139,16 +159,42 @@ variable "location" {
|
||||||
type = string
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "logging_config" {
|
||||||
|
description = "Logging configuration (enabled components)."
|
||||||
|
type = list(string)
|
||||||
|
default = null
|
||||||
|
}
|
||||||
|
|
||||||
variable "logging_service" {
|
variable "logging_service" {
|
||||||
description = "Logging service (disable with an empty string)."
|
description = "Logging service (disable with an empty string)."
|
||||||
type = string
|
type = string
|
||||||
default = "logging.googleapis.com/kubernetes"
|
default = "logging.googleapis.com/kubernetes"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "maintenance_start_time" {
|
variable "maintenance_config" {
|
||||||
description = "Maintenance start time in RFC3339 format 'HH:MM', where HH is [00-23] and MM is [00-59] GMT."
|
description = "Maintenance window configuration"
|
||||||
type = string
|
type = object({
|
||||||
default = "03:00"
|
daily_maintenance_window = object({
|
||||||
|
start_time = string
|
||||||
|
})
|
||||||
|
recurring_window = object({
|
||||||
|
start_time = string
|
||||||
|
end_time = string
|
||||||
|
recurrence = string
|
||||||
|
})
|
||||||
|
maintenance_exclusion = list(object({
|
||||||
|
exclusion_name = string
|
||||||
|
start_time = string
|
||||||
|
end_time = string
|
||||||
|
}))
|
||||||
|
})
|
||||||
|
default = {
|
||||||
|
daily_maintenance_window = {
|
||||||
|
start_time = "03:00"
|
||||||
|
}
|
||||||
|
recurring_window = null
|
||||||
|
maintenance_exclusion = []
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "master_authorized_ranges" {
|
variable "master_authorized_ranges" {
|
||||||
|
@ -163,6 +209,12 @@ variable "min_master_version" {
|
||||||
default = null
|
default = null
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "monitoring_config" {
|
||||||
|
description = "Monitoring configuration (enabled components)."
|
||||||
|
type = list(string)
|
||||||
|
default = null
|
||||||
|
}
|
||||||
|
|
||||||
variable "monitoring_service" {
|
variable "monitoring_service" {
|
||||||
description = "Monitoring service (disable with an empty string)."
|
description = "Monitoring service (disable with an empty string)."
|
||||||
type = string
|
type = string
|
||||||
|
@ -261,4 +313,3 @@ variable "workload_identity" {
|
||||||
type = bool
|
type = bool
|
||||||
default = true
|
default = true
|
||||||
}
|
}
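Review bot: `dns_config` defaults to a fully populated object rather than `null`, so the `var.dns_config != null` guard on the `dynamic "dns_config"` block in the cluster resource is true for every caller that never set it, and each cluster gets a dns_config block carrying `PROVIDER_UNSPECIFIED` / `DNS_SCOPE_UNSPECIFIED`. Depending on how the provider treats the unspecified values, that may show up as a plan change on existing clusters. The other optional inputs added in this change (`logging_config`, `monitoring_config`, `enable_l4_ilb_subsetting`) default to null; `default = null` here would match them and keep the feature opt-in. Separately, replacing `maintenance_start_time` with `maintenance_config` removes an input, so callers still passing the old name will fail at plan time, which deserves a changelog entry.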
|
||||||
|
|
||||||
|
|