Merge branch 'master' into lcaggio/vertex-01
commit
8e55374717
|
@ -161,4 +161,4 @@ Even with all the above points, it may be hard to make a decision. While the mod
|
|||
|
||||
* Since modules work well together within their ecosystem, select logical boundaries for using Fabric or CFT. For example use CFT for deploying resources within projects but use Fabric for managing project creation and IAM.
|
||||
* Use strengths of each collection of modules to your advantage. Empower application teams to define their infrastructure as code using off the shelf CFT modules. Using Fabric, bootstrap your platform team with a collection of tailor built modules for your organization.
|
||||
* Lean into module composition and dependency inversion that both Fabric and CFT modules follow. For example, you can create a GKE cluster using either [Fabric](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/tree/master/modules/gke-cluster#gke-cluster-module) or [CFT](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine) GKE module and then use either [Fabric](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/tree/master/modules/gke-hub#variables) or [CFT](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/modules/fleet-membership) for setting up GKE Hub by passing in outputs from the GKE module.
|
||||
* Lean into module composition and dependency inversion that both Fabric and CFT modules follow. For example, you can create a GKE cluster using either [Fabric](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/tree/master/modules/gke-cluster-standard#gke-cluster-module) or [CFT](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine) GKE module and then use either [Fabric](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/tree/master/modules/gke-hub#variables) or [CFT](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/modules/fleet-membership) for setting up GKE Hub by passing in outputs from the GKE module.
|
||||
|
|
|
@ -31,7 +31,7 @@ Currently available modules:
|
|||
|
||||
- **foundational** - [billing budget](./modules/billing-budget), [Cloud Identity group](./modules/cloud-identity-group/), [folder](./modules/folder), [service accounts](./modules/iam-service-account), [logging bucket](./modules/logging-bucket), [organization](./modules/organization), [project](./modules/project), [projects-data-source](./modules/projects-data-source)
|
||||
- **networking** - [DNS](./modules/dns), [DNS Response Policy](./modules/dns-response-policy/), [Cloud Endpoints](./modules/endpoints), [address reservation](./modules/net-address), [NAT](./modules/net-cloudnat), [Global Load Balancer (classic)](./modules/net-glb/), [L4 ILB](./modules/net-ilb), [L7 ILB](./modules/net-ilb-l7), [VPC](./modules/net-vpc), [VPC firewall](./modules/net-vpc-firewall), [VPC firewall policy](./modules/net-vpc-firewall-policy), [VPC peering](./modules/net-vpc-peering), [VPN dynamic](./modules/net-vpn-dynamic), [HA VPN](./modules/net-vpn-ha), [VPN static](./modules/net-vpn-static), [Service Directory](./modules/service-directory)
|
||||
- **compute** - [VM/VM group](./modules/compute-vm), [MIG](./modules/compute-mig), [COS container](./modules/cloud-config-container/cos-generic-metadata/) (coredns, mysql, onprem, squid), [GKE cluster](./modules/gke-cluster), [GKE hub](./modules/gke-hub), [GKE nodepool](./modules/gke-nodepool)
|
||||
- **compute** - [VM/VM group](./modules/compute-vm), [MIG](./modules/compute-mig), [COS container](./modules/cloud-config-container/cos-generic-metadata/) (coredns, mysql, onprem, squid), [GKE cluster](./modules/gke-cluster-standard), [GKE hub](./modules/gke-hub), [GKE nodepool](./modules/gke-nodepool)
|
||||
- **data** - [BigQuery dataset](./modules/bigquery-dataset), [Bigtable instance](./modules/bigtable-instance), [Cloud SQL instance](./modules/cloudsql-instance), [Data Catalog Policy Tag](./modules/data-catalog-policy-tag), [Datafusion](./modules/datafusion), [Dataproc](./modules/dataproc), [GCS](./modules/gcs), [Pub/Sub](./modules/pubsub)
|
||||
- **development** - [API Gateway](./modules/api-gateway), [Apigee](./modules/apigee), [Artifact Registry](./modules/artifact-registry), [Container Registry](./modules/container-registry), [Cloud Source Repository](./modules/source-repository)
|
||||
- **security** - [Binauthz](./modules/binauthz/), [KMS](./modules/kms), [SecretManager](./modules/secret-manager), [VPC Service Control](./modules/vpc-sc)
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
*/
|
||||
|
||||
module "cluster" {
|
||||
source = "../../../modules/gke-cluster"
|
||||
source = "../../../modules/gke-cluster-standard"
|
||||
project_id = module.project.project_id
|
||||
name = "cluster"
|
||||
location = var.region
|
||||
|
|
|
@ -54,10 +54,10 @@ spec:
|
|||
protocol: TCP
|
||||
resources:
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 50Mi
|
||||
cpu: 250m
|
||||
memory: 500Mi
|
||||
limits:
|
||||
memory: 50Mi
|
||||
memory: 500Mi
|
||||
- name: locust-prometheus-exporter
|
||||
image: containersol/locust_exporter
|
||||
ports:
|
||||
|
@ -65,10 +65,10 @@ spec:
|
|||
containerPort: 9646
|
||||
resources:
|
||||
requests:
|
||||
cpu: 5m
|
||||
memory: 5Mi
|
||||
cpu: 250m
|
||||
memory: 500Mi
|
||||
limits:
|
||||
memory: 5Mi
|
||||
memory: 500Mi
|
||||
---
|
||||
kind: Service
|
||||
apiVersion: v1
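Review bot: The `locust-prometheus-exporter` container in the first hunk is still pulled as `image: containersol/locust_exporter`, with no tag or digest, so each reschedule can resolve to whatever the registry currently serves as `latest`. Since this commit already edits that container's spec, pin the image to a reviewed build, preferably by digest: `image: containersol/locust_exporter@sha256:<digest-of-reviewed-build>` (placeholder; the page shows no digest). The Deployment spec starts before and continues after the lines shown, so the pull policy and any admission control on images cannot be checked from here.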
|
||||
|
|
|
@ -46,7 +46,7 @@ spec:
|
|||
value: locust-master
|
||||
resources:
|
||||
requests:
|
||||
cpu: 20m
|
||||
memory: 50Mi
|
||||
cpu: 250m
|
||||
memory: 500Mi
|
||||
limits:
|
||||
memory: 50Mi
|
||||
memory: 500Mi
|
|
@ -89,10 +89,10 @@ spec:
|
|||
- --use-new-resource-model=false
|
||||
resources:
|
||||
limits:
|
||||
cpu: 100m
|
||||
memory: 150Mi
|
||||
cpu: 250m
|
||||
memory: 500Mi
|
||||
requests:
|
||||
memory: 150Mi
|
||||
memory: 500Mi
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
|
|
|
@ -52,10 +52,10 @@ spec:
|
|||
containerPort: 9090
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 15Mi
|
||||
cpu: 250m
|
||||
memory: 500Mi
|
||||
limits:
|
||||
memory: 15Mi
|
||||
memory: 500Mi
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /-/ready
|
||||
|
|
|
@ -135,10 +135,10 @@ spec:
|
|||
subPath: "dashboardproviders.yaml"
|
||||
resources:
|
||||
requests:
|
||||
cpu: 30m
|
||||
memory: 100Mi
|
||||
cpu: 250m
|
||||
memory: 500Mi
|
||||
limits:
|
||||
memory: 100Mi
|
||||
memory: 500Mi
|
||||
livenessProbe:
|
||||
failureThreshold: 10
|
||||
httpGet:
|
||||
|
|
|
@ -70,10 +70,10 @@ spec:
|
|||
containerPort: 8081
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 50Mi
|
||||
cpu: 250m
|
||||
memory: 500Mi
|
||||
limits:
|
||||
memory: 50Mi
|
||||
memory: 500Mi
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
privileged: false
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
*/
|
||||
|
||||
module "cluster" {
|
||||
source = "../../../modules/gke-cluster"
|
||||
source = "../../../modules/gke-cluster-autopilot"
|
||||
project_id = module.project.project_id
|
||||
name = "cluster"
|
||||
location = var.region
|
||||
|
@ -29,18 +29,18 @@ module "cluster" {
|
|||
master_authorized_ranges = var.cluster_network_config.master_authorized_cidr_blocks
|
||||
master_ipv4_cidr_block = var.cluster_network_config.master_cidr_block
|
||||
}
|
||||
enable_features = {
|
||||
autopilot = true
|
||||
}
|
||||
monitoring_config = {
|
||||
enenable_components = ["SYSTEM_COMPONENTS"]
|
||||
managed_prometheus = true
|
||||
}
|
||||
cluster_autoscaling = {
|
||||
auto_provisioning_defaults = {
|
||||
service_account = module.node_sa.email
|
||||
}
|
||||
}
|
||||
# enable_features = {
|
||||
# autopilot = true
|
||||
# }
|
||||
# monitoring_config = {
|
||||
# enenable_components = ["SYSTEM_COMPONENTS"]
|
||||
# managed_prometheus = true
|
||||
# }
|
||||
# cluster_autoscaling = {
|
||||
# auto_provisioning_defaults = {
|
||||
# service_account = module.node_sa.email
|
||||
# }
|
||||
# }
|
||||
release_channel = "RAPID"
|
||||
depends_on = [
|
||||
module.project
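Review bot: Commenting out the `cluster_autoscaling` block in the second hunk also drops `service_account = module.node_sa.email`, and nothing visible replaces it, so the Autopilot nodes would presumably fall back to the project's default node identity instead of the dedicated service account. The `gke-cluster-autopilot` README added in this same commit documents a top-level `service_account` variable for the node VMs, so the module call should pass `service_account = module.node_sa.email`. The commented-out lines, including the `enenable_components` typo, are better deleted than kept as dead configuration. If managed Prometheus was relied on, confirm that the new module still enables it. The `module "cluster"` block continues outside both hunks, so an argument set there would not be visible here.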
|
||||
|
|
|
@ -83,7 +83,7 @@ module "nat" {
|
|||
}
|
||||
|
||||
module "cluster" {
|
||||
source = "../../../modules/gke-cluster"
|
||||
source = "../../../modules/gke-cluster-standard"
|
||||
project_id = module.project.project_id
|
||||
name = "${var.prefix}-cluster"
|
||||
location = var.zone
|
||||
|
|
|
@ -53,7 +53,7 @@ Once done testing, you can clean up resources by running `terraform destroy`.
|
|||
| name | description | modules | resources |
|
||||
|---|---|---|---|
|
||||
| [ansible.tf](./ansible.tf) | Ansible generated files. | | <code>local_file</code> |
|
||||
| [gke.tf](./gke.tf) | GKE cluster and hub resources. | <code>gke-cluster</code> · <code>gke-hub</code> · <code>gke-nodepool</code> | |
|
||||
| [gke.tf](./gke.tf) | GKE cluster and hub resources. | <code>gke-cluster-standard</code> · <code>gke-hub</code> · <code>gke-nodepool</code> | |
|
||||
| [main.tf](./main.tf) | Project resources. | <code>project</code> | |
|
||||
| [variables.tf](./variables.tf) | Module variables. | | |
|
||||
| [vm.tf](./vm.tf) | Management server. | <code>compute-vm</code> | |
|
||||
|
@ -75,7 +75,6 @@ Once done testing, you can clean up resources by running `terraform destroy`.
|
|||
| [region](variables.tf#L99) | Region. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
||||
## Test
|
||||
|
||||
```hcl
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
|
||||
module "clusters" {
|
||||
for_each = var.clusters_config
|
||||
source = "../../../modules/gke-cluster"
|
||||
source = "../../../modules/gke-cluster-standard"
|
||||
project_id = module.fleet_project.project_id
|
||||
name = each.key
|
||||
location = var.region
|
||||
|
|
|
@ -234,7 +234,7 @@ module "gke" {
|
|||
|
||||
| name | description | modules |
|
||||
|---|---|---|
|
||||
| [gke-clusters.tf](./gke-clusters.tf) | GKE clusters. | <code>gke-cluster</code> |
|
||||
| [gke-clusters.tf](./gke-clusters.tf) | GKE clusters. | <code>gke-cluster-standard</code> |
|
||||
| [gke-hub.tf](./gke-hub.tf) | GKE hub configuration. | <code>gke-hub</code> |
|
||||
| [gke-nodepools.tf](./gke-nodepools.tf) | GKE nodepools. | <code>gke-nodepool</code> |
|
||||
| [main.tf](./main.tf) | Project and usage dataset. | <code>bigquery-dataset</code> · <code>project</code> |
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
# tfdoc:file:description GKE clusters.
|
||||
|
||||
module "gke-cluster" {
|
||||
source = "../../../modules/gke-cluster"
|
||||
source = "../../../modules/gke-cluster-standard"
|
||||
for_each = var.clusters
|
||||
name = each.key
|
||||
project_id = module.gke-project-0.project_id
|
||||
|
|
|
@ -240,7 +240,7 @@ module "service-account-gce" {
|
|||
################################################################################
|
||||
|
||||
module "cluster-1" {
|
||||
source = "../../../modules/gke-cluster"
|
||||
source = "../../../modules/gke-cluster-standard"
|
||||
name = "${var.prefix}-cluster-1"
|
||||
project_id = module.project.project_id
|
||||
location = "${var.region}-b"
|
||||
|
|
|
@ -197,7 +197,7 @@ module "vm-bastion" {
|
|||
################################################################################
|
||||
|
||||
module "cluster-1" {
|
||||
source = "../../../modules/gke-cluster"
|
||||
source = "../../../modules/gke-cluster-standard"
|
||||
count = var.cluster_create ? 1 : 0
|
||||
name = "cluster-1"
|
||||
project_id = module.project-svc-gke.project_id
|
||||
|
|
|
@ -85,7 +85,7 @@ As shown in the script output above, the provider file is a template used as a s
|
|||
|
||||
Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [org-level bootstrap stage documentation](../../stages/0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
|
||||
|
||||
```hcl
|
||||
```tfvars
|
||||
outputs_location = "~/fast-config"
|
||||
```
|
||||
|
||||
|
@ -97,7 +97,7 @@ The globals variable file linked above contains definition which were set for th
|
|||
|
||||
The tenant configuration resides in the `tenant_config` variable, this is an example configuration for a tenant with comments explaining the different choices that need to be made:
|
||||
|
||||
```hcl
|
||||
```tfvars
|
||||
tenant_config = {
|
||||
# used for the top-level folder name
|
||||
descriptive_name = "My First Tenant"
|
||||
|
@ -142,7 +142,6 @@ tenant_config = {
|
|||
# logging = "folders/0123456789"
|
||||
# }
|
||||
}
|
||||
# tftest skip
|
||||
```
|
||||
|
||||
Configure the tenant variable in a tfvars file for this stage. A few minor points worth noting:
|
||||
|
|
|
@ -116,7 +116,7 @@ Once that is done, stage-level configuration variables are the same as the corre
|
|||
|
||||
Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [org-level bootstrap stage documentation](../../stages/0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
|
||||
|
||||
```hcl
|
||||
```tfvars
|
||||
outputs_location = "~/fast-config"
|
||||
```
|
||||
|
||||
|
|
|
@ -112,7 +112,7 @@ The latter set is explained in the [Customization](#customizations) sections bel
|
|||
|
||||
Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
|
||||
|
||||
```hcl
|
||||
```tfvars
|
||||
outputs_location = "~/fast-config"
|
||||
```
|
||||
|
||||
|
|
|
@ -253,7 +253,7 @@ The latter set is explained in the [Customization](#customizations) sections bel
|
|||
|
||||
Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
|
||||
|
||||
```hcl
|
||||
```tfvars
|
||||
outputs_location = "~/fast-config"
|
||||
```
|
||||
|
||||
|
@ -315,7 +315,7 @@ This stage includes basic support for an HA VPN connecting the landing zone in t
|
|||
|
||||
Support for the onprem VPN is disabled by default so that no resources are created, this is an example of how to configure the variable to enable the VPN:
|
||||
|
||||
```hcl
|
||||
```tfvars
|
||||
vpn_onprem_primary_config = {
|
||||
peer_external_gateways = {
|
||||
default = {
|
||||
|
@ -357,7 +357,6 @@ vpn_onprem_primary_config = {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest skip
|
||||
```
|
||||
|
||||
### Adding an environment
|
||||
|
|
|
@ -267,7 +267,7 @@ The latter set is explained in the [Customization](#customizations) sections bel
|
|||
|
||||
Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
|
||||
|
||||
```hcl
|
||||
```tfvars
|
||||
outputs_location = "~/fast-config"
|
||||
```
|
||||
|
||||
|
@ -329,7 +329,7 @@ This stage includes basic support for an HA VPN connecting the landing zone in t
|
|||
|
||||
Support for the onprem VPN is disabled by default so that no resources are created, this is an example of how to configure the variable to enable the VPN:
|
||||
|
||||
```hcl
|
||||
```tfvars
|
||||
vpn_onprem_primary_config = {
|
||||
peer_external_gateways = {
|
||||
default = {
|
||||
|
@ -371,7 +371,6 @@ vpn_onprem_primary_config = {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest skip
|
||||
```
|
||||
|
||||
### Adding an environment
|
||||
|
|
|
@ -335,7 +335,7 @@ The latter set is explained in the [Customization](#customizations) sections bel
|
|||
|
||||
Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
|
||||
|
||||
```hcl
|
||||
```tfvars
|
||||
outputs_location = "~/fast-config"
|
||||
```
|
||||
|
||||
|
@ -397,7 +397,7 @@ This stage includes basic support for an HA VPN connecting the landing zone in t
|
|||
|
||||
Support for the onprem VPNs is disabled by default so that no resources are created, this is an example of how to configure one variable to enable the VPN in the primary region:
|
||||
|
||||
```hcl
|
||||
```tfvars
|
||||
vpn_onprem_primary_config = {
|
||||
peer_external_gateways = {
|
||||
default = {
|
||||
|
@ -439,7 +439,6 @@ vpn_onprem_primary_config = {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest skip
|
||||
```
|
||||
|
||||
### Adding an environment
|
||||
|
|
|
@ -215,7 +215,7 @@ The latter set is explained in the [Customization](#customizations) sections bel
|
|||
|
||||
Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
|
||||
|
||||
```hcl
|
||||
```tfvars
|
||||
outputs_location = "~/fast-config"
|
||||
```
|
||||
|
||||
|
@ -270,7 +270,7 @@ This stage includes basic support for an HA VPN connecting each environment land
|
|||
|
||||
Support for the onprem VPNs is disabled by default so that no resources are created, this is an example of how to configure one variable to enable the VPN for dev in the primary region:
|
||||
|
||||
```hcl
|
||||
```tfvars
|
||||
vpn_onprem_dev_primary_config = {
|
||||
peer_external_gateways = {
|
||||
default = {
|
||||
|
@ -312,7 +312,6 @@ vpn_onprem_dev_primary_config = {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest skip
|
||||
```
|
||||
|
||||
### Changing default regions
|
||||
|
|
|
@ -357,7 +357,7 @@ The latter set is explained in the [Customization](#customizations) sections bel
|
|||
|
||||
Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
|
||||
|
||||
```hcl
|
||||
```tfvars
|
||||
outputs_location = "~/fast-config"
|
||||
```
|
||||
|
||||
|
@ -419,7 +419,7 @@ This stage includes basic support for an HA VPN connecting the landing zone in t
|
|||
|
||||
Support for the onprem VPNs is disabled by default so that no resources are created, this is an example of how to configure one variable to enable the VPN in the primary region:
|
||||
|
||||
```hcl
|
||||
```tfvars
|
||||
vpn_onprem_primary_config = {
|
||||
peer_external_gateways = {
|
||||
default = {
|
||||
|
@ -461,7 +461,6 @@ vpn_onprem_primary_config = {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest skip
|
||||
```
|
||||
|
||||
### Adding an environment
|
||||
|
|
|
@ -110,7 +110,7 @@ The latter set is explained in the [Customization](#customizations) sections bel
|
|||
|
||||
Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
|
||||
|
||||
```hcl
|
||||
```tfvars
|
||||
outputs_location = "~/fast-config"
|
||||
```
|
||||
|
||||
|
|
|
@ -63,7 +63,8 @@ These modules are used in the examples included in this repository. If you are u
|
|||
- [VM/VM group](./compute-vm)
|
||||
- [MIG](./compute-mig)
|
||||
- [COS container](./cloud-config-container/cos-generic-metadata/) (coredns/mysql/nva/onprem/squid)
|
||||
- [GKE cluster](./gke-cluster)
|
||||
- [GKE autopilot cluster](./gke-cluster-autopilot)
|
||||
- [GKE standard cluster](./gke-cluster-standard)
|
||||
- [GKE hub](./gke-hub)
|
||||
- [GKE nodepool](./gke-nodepool)
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@ module "bigquery-dataset" {
|
|||
view_1 = "my-project|my-dataset|my-table"
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=5
|
||||
# tftest modules=1 resources=5 inventory=simple.yaml
|
||||
```
|
||||
|
||||
### IAM roles
|
||||
|
@ -51,7 +51,7 @@ module "bigquery-dataset" {
|
|||
"roles/bigquery.dataOwner" = ["user:user1@example.org"]
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2
|
||||
# tftest modules=1 resources=2 inventory=iam.yaml
|
||||
```
|
||||
|
||||
### Dataset options
|
||||
|
@ -70,7 +70,7 @@ module "bigquery-dataset" {
|
|||
max_time_travel_hours = 168
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=1
|
||||
# tftest modules=1 resources=1 inventory=options.yaml
|
||||
```
|
||||
|
||||
### Tables and views
|
||||
|
@ -100,7 +100,7 @@ module "bigquery-dataset" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2
|
||||
# tftest modules=1 resources=2 inventory=tables.yaml
|
||||
```
|
||||
|
||||
If partitioning is needed, populate the `partitioning` variable using either the `time` or `range` attribute.
|
||||
|
@ -132,7 +132,7 @@ module "bigquery-dataset" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2
|
||||
# tftest modules=1 resources=2 inventory=partitioning.yaml
|
||||
```
|
||||
|
||||
To create views use the `view` variable. If you're querying a table created by the same module `terraform apply` will initially fail and eventually succeed once the underlying table has been created. You can probably also use the module's output in the view's query to create a dependency on the table.
|
||||
|
@ -170,7 +170,7 @@ module "bigquery-dataset" {
|
|||
}
|
||||
}
|
||||
|
||||
# tftest modules=1 resources=3
|
||||
# tftest modules=1 resources=3 inventory=views.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
|
|
|
@ -32,7 +32,7 @@ module "budget" {
|
|||
emails = ["user@example.com"]
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2
|
||||
# tftest modules=1 resources=2 inventory=email.yaml
|
||||
```
|
||||
|
||||
### Pubsub notification
|
||||
|
@ -59,7 +59,7 @@ module "pubsub" {
|
|||
name = "budget-topic"
|
||||
}
|
||||
|
||||
# tftest modules=2 resources=2
|
||||
# tftest modules=2 resources=2 inventory=pubsub.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
|
|
|
@ -46,7 +46,7 @@ module "nginx-mig" {
|
|||
target_size = 2
|
||||
instance_template = module.nginx-template.template.self_link
|
||||
}
|
||||
# tftest modules=2 resources=2
|
||||
# tftest modules=2 resources=2 inventory=simple.yaml
|
||||
```
|
||||
|
||||
### Multiple versions
|
||||
|
@ -149,7 +149,7 @@ module "nginx-mig" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=2 resources=3
|
||||
# tftest modules=2 resources=3 inventory=health-check.yaml
|
||||
```
|
||||
|
||||
### Autoscaling
|
||||
|
@ -202,7 +202,7 @@ module "nginx-mig" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=2 resources=3
|
||||
# tftest modules=2 resources=3 inventory=autoscaling.yaml
|
||||
```
|
||||
|
||||
### Update policy
|
||||
|
@ -408,7 +408,7 @@ module "nginx-mig" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=2 resources=4
|
||||
# tftest modules=2 resources=4 inventory=stateful.yaml
|
||||
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
|
|
@ -0,0 +1,132 @@
|
|||
# GKE cluster Autopilot module
|
||||
|
||||
This module allows simplified creation and management of GKE Autopilot clusters. Some sensible defaults are set initially, in order to allow less verbose usage for most use cases.
|
||||
|
||||
## Example
|
||||
|
||||
### GKE Cluster
|
||||
|
||||
```hcl
|
||||
module "cluster-1" {
|
||||
source = "./fabric/modules/gke-cluster-autopilot"
|
||||
project_id = "myproject"
|
||||
name = "cluster-1"
|
||||
location = "europe-west1"
|
||||
vpc_config = {
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
secondary_range_names = {
|
||||
pods = "pods"
|
||||
services = "services"
|
||||
}
|
||||
master_authorized_ranges = {
|
||||
internal-vms = "10.0.0.0/8"
|
||||
}
|
||||
master_ipv4_cidr_block = "192.168.0.0/28"
|
||||
}
|
||||
private_cluster_config = {
|
||||
enable_private_endpoint = true
|
||||
master_global_access = false
|
||||
}
|
||||
labels = {
|
||||
environment = "dev"
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=1 inventory=basic.yaml
|
||||
```
|
||||
|
||||
|
||||
### Cloud DNS
|
||||
|
||||
This example shows how to [use Cloud DNS as a Kubernetes DNS provider](https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-dns) for GKE Standard clusters.
|
||||
|
||||
```hcl
|
||||
module "cluster-1" {
|
||||
source = "./fabric/modules/gke-cluster-autopilot"
|
||||
project_id = var.project_id
|
||||
name = "cluster-1"
|
||||
location = "europe-west1"
|
||||
vpc_config = {
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
secondary_range_names = { pods = "pods", services = "services" }
|
||||
}
|
||||
enable_features = {
|
||||
dns = {
|
||||
provider = "CLOUD_DNS"
|
||||
scope = "CLUSTER_SCOPE"
|
||||
domain = "gke.local"
|
||||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=1 inventory=dns.yaml
|
||||
```
|
||||
|
||||
|
||||
### Backup for GKE
|
||||
|
||||
This example shows how to [enable the Backup for GKE agent and configure a Backup Plan](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/concepts/backup-for-gke) for GKE Standard clusters.
|
||||
|
||||
```hcl
|
||||
module "cluster-1" {
|
||||
source = "./fabric/modules/gke-cluster-autopilot"
|
||||
project_id = var.project_id
|
||||
name = "cluster-1"
|
||||
location = "europe-west1"
|
||||
vpc_config = {
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
secondary_range_names = { pods = "pods", services = "services" }
|
||||
}
|
||||
backup_configs = {
|
||||
enable_backup_agent = true
|
||||
backup_plans = {
|
||||
"backup-1" = {
|
||||
region = "europe-west-2"
|
||||
schedule = "0 9 * * 1"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2 inventory=backup.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [location](variables.tf#L106) | Autopilot cluster are always regional. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L141) | Cluster name. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L167) | Cluster project id. | <code>string</code> | ✓ | |
|
||||
| [vpc_config](variables.tf#L190) | VPC-level configuration. | <code title="object({ network = string subnetwork = string master_ipv4_cidr_block = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = string services = string }), { pods = "pods", services = "services" }) master_authorized_ranges = optional(map(string)) })">object({…})</code> | ✓ | |
|
||||
| [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | <code title="object({ enable_backup_agent = optional(bool, false) backup_plans = optional(map(object({ region = string schedule = string retention_policy_days = optional(string) retention_policy_lock = optional(bool, false) retention_policy_delete_lock_days = optional(string) })), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
| [description](variables.tf#L33) | Cluster description. | <code>string</code> | | <code>null</code> |
|
||||
| [enable_addons](variables.tf#L39) | Addons enabled in the cluster (true means enabled). | <code title="object({ cloudrun = optional(bool, false) config_connector = optional(bool, false) dns_cache = optional(bool, false) horizontal_pod_autoscaling = optional(bool, false) http_load_balancing = optional(bool, false) istio = optional(object({ enable_tls = bool })) kalm = optional(bool, false) network_policy = optional(bool, false) })">object({…})</code> | | <code title="{ horizontal_pod_autoscaling = true http_load_balancing = true }">{…}</code> |
|
||||
| [enable_features](variables.tf#L60) | Enable cluster-level features. Certain features allow configuration. | <code title="object({ binary_authorization = optional(bool, false) dns = optional(object({ provider = optional(string) scope = optional(string) domain = optional(string) })) database_encryption = optional(object({ state = string key_name = string })) gateway_api = optional(bool, false) groups_for_rbac = optional(string) l4_ilb_subsetting = optional(bool, false) mesh_certificates = optional(bool) pod_security_policy = optional(bool, false) resource_usage_export = optional(object({ dataset = string enable_network_egress_metering = optional(bool) enable_resource_consumption_metering = optional(bool) })) tpu = optional(bool, false) upgrade_notifications = optional(object({ topic_id = optional(string) })) vertical_pod_autoscaling = optional(bool, false) })">object({…})</code> | | <code title="{ }">{…}</code> |
|
||||
| [issue_client_certificate](variables.tf#L94) | Enable issuing client certificate. | <code>bool</code> | | <code>false</code> |
|
||||
| [labels](variables.tf#L100) | Cluster resource labels. | <code>map(string)</code> | | <code>null</code> |
|
||||
| [maintenance_config](variables.tf#L112) | Maintenance window configuration. | <code title="object({ daily_window_start_time = optional(string) recurring_window = optional(object({ start_time = string end_time = string recurrence = string })) maintenance_exclusions = optional(list(object({ name = string start_time = string end_time = string scope = optional(string) }))) })">object({…})</code> | | <code title="{ daily_window_start_time = "03:00" recurring_window = null maintenance_exclusion = [] }">{…}</code> |
|
||||
| [min_master_version](variables.tf#L135) | Minimum version of the master, defaults to the version of the most recent official release. | <code>string</code> | | <code>null</code> |
|
||||
| [node_locations](variables.tf#L146) | Zones in which the cluster's nodes are located. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [private_cluster_config](variables.tf#L153) | Private cluster configuration. | <code title="object({ enable_private_endpoint = optional(bool) master_global_access = optional(bool) peering_config = optional(object({ export_routes = optional(bool) import_routes = optional(bool) project_id = optional(string) })) })">object({…})</code> | | <code>null</code> |
|
||||
| [release_channel](variables.tf#L172) | Release channel for GKE upgrades. | <code>string</code> | | <code>null</code> |
|
||||
| [service_account](variables.tf#L178) | The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot. | <code>string</code> | | <code>null</code> |
|
||||
| [tags](variables.tf#L184) | Network tags applied to nodes. | <code>list(string)</code> | | <code>null</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
| name | description | sensitive |
|
||||
|---|---|:---:|
|
||||
| [ca_certificate](outputs.tf#L17) | Public certificate of the cluster (base64-encoded). | ✓ |
|
||||
| [cluster](outputs.tf#L23) | Cluster resource. | ✓ |
|
||||
| [endpoint](outputs.tf#L29) | Cluster endpoint. | |
|
||||
| [id](outputs.tf#L34) | Cluster ID. | |
|
||||
| [location](outputs.tf#L39) | Cluster location. | |
|
||||
| [master_version](outputs.tf#L44) | Master version. | |
|
||||
| [name](outputs.tf#L49) | Cluster name. | |
|
||||
| [notifications](outputs.tf#L54) | GKE PubSub notifications topic. | |
|
||||
| [self_link](outputs.tf#L59) | Cluster self link. | ✓ |
|
||||
| [workload_identity_pool](outputs.tf#L65) | Workload identity pool. | |
|
||||
|
||||
<!-- END TFDOC -->
|
|
@ -0,0 +1,306 @@
|
|||
/**
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
resource "google_container_cluster" "cluster" {
|
||||
provider = google-beta
|
||||
project = var.project_id
|
||||
name = var.name
|
||||
description = var.description
|
||||
location = var.location
|
||||
node_locations = (
|
||||
length(var.node_locations) == 0 ? null : var.node_locations
|
||||
)
|
||||
min_master_version = var.min_master_version
|
||||
network = var.vpc_config.network
|
||||
subnetwork = var.vpc_config.subnetwork
|
||||
resource_labels = var.labels
|
||||
enable_l4_ilb_subsetting = var.enable_features.l4_ilb_subsetting
|
||||
enable_tpu = var.enable_features.tpu
|
||||
initial_node_count = 1
|
||||
|
||||
enable_autopilot = true
|
||||
|
||||
addons_config {
|
||||
http_load_balancing {
|
||||
disabled = !var.enable_addons.http_load_balancing
|
||||
}
|
||||
horizontal_pod_autoscaling {
|
||||
disabled = !var.enable_addons.horizontal_pod_autoscaling
|
||||
}
|
||||
cloudrun_config {
|
||||
disabled = !var.enable_addons.cloudrun
|
||||
}
|
||||
|
||||
kalm_config {
|
||||
enabled = var.enable_addons.kalm
|
||||
}
|
||||
config_connector_config {
|
||||
enabled = var.enable_addons.config_connector
|
||||
}
|
||||
gke_backup_agent_config {
|
||||
enabled = var.backup_configs.enable_backup_agent
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "authenticator_groups_config" {
|
||||
for_each = var.enable_features.groups_for_rbac != null ? [""] : []
|
||||
content {
|
||||
security_group = var.enable_features.groups_for_rbac
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "binary_authorization" {
|
||||
for_each = var.enable_features.binary_authorization ? [""] : []
|
||||
content {
|
||||
evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
|
||||
}
|
||||
}
|
||||
|
||||
cluster_autoscaling {
|
||||
dynamic "auto_provisioning_defaults" {
|
||||
for_each = var.service_account != null ? [""] : []
|
||||
content {
|
||||
service_account = var.service_account
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "database_encryption" {
|
||||
for_each = var.enable_features.database_encryption != null ? [""] : []
|
||||
content {
|
||||
state = var.enable_features.database_encryption.state
|
||||
key_name = var.enable_features.database_encryption.key_name
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "dns_config" {
|
||||
for_each = var.enable_features.dns != null ? [""] : []
|
||||
content {
|
||||
cluster_dns = var.enable_features.dns.provider
|
||||
cluster_dns_scope = var.enable_features.dns.scope
|
||||
cluster_dns_domain = var.enable_features.dns.domain
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "ip_allocation_policy" {
|
||||
for_each = var.vpc_config.secondary_range_blocks != null ? [""] : []
|
||||
content {
|
||||
cluster_ipv4_cidr_block = var.vpc_config.secondary_range_blocks.pods
|
||||
services_ipv4_cidr_block = var.vpc_config.secondary_range_blocks.services
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "ip_allocation_policy" {
|
||||
for_each = var.vpc_config.secondary_range_names != null ? [""] : []
|
||||
content {
|
||||
cluster_secondary_range_name = var.vpc_config.secondary_range_names.pods
|
||||
services_secondary_range_name = var.vpc_config.secondary_range_names.services
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "gateway_api_config" {
|
||||
for_each = var.enable_features.gateway_api ? [""] : []
|
||||
content {
|
||||
channel = "CHANNEL_STANDARD"
|
||||
}
|
||||
}
|
||||
|
||||
maintenance_policy {
|
||||
dynamic "daily_maintenance_window" {
|
||||
for_each = (
|
||||
try(var.maintenance_config.daily_window_start_time, null) != null
|
||||
? [""]
|
||||
: []
|
||||
)
|
||||
content {
|
||||
start_time = var.maintenance_config.daily_window_start_time
|
||||
}
|
||||
}
|
||||
dynamic "recurring_window" {
|
||||
for_each = (
|
||||
try(var.maintenance_config.recurring_window, null) != null
|
||||
? [""]
|
||||
: []
|
||||
)
|
||||
content {
|
||||
start_time = var.maintenance_config.recurring_window.start_time
|
||||
end_time = var.maintenance_config.recurring_window.end_time
|
||||
recurrence = var.maintenance_config.recurring_window.recurrence
|
||||
}
|
||||
}
|
||||
dynamic "maintenance_exclusion" {
|
||||
for_each = (
|
||||
try(var.maintenance_config.maintenance_exclusions, null) == null
|
||||
? []
|
||||
: var.maintenance_config.maintenance_exclusions
|
||||
)
|
||||
iterator = exclusion
|
||||
content {
|
||||
exclusion_name = exclusion.value.name
|
||||
start_time = exclusion.value.start_time
|
||||
end_time = exclusion.value.end_time
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
master_auth {
|
||||
client_certificate_config {
|
||||
issue_client_certificate = var.issue_client_certificate
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "master_authorized_networks_config" {
|
||||
for_each = var.vpc_config.master_authorized_ranges != null ? [""] : []
|
||||
content {
|
||||
dynamic "cidr_blocks" {
|
||||
for_each = var.vpc_config.master_authorized_ranges
|
||||
iterator = range
|
||||
content {
|
||||
cidr_block = range.value
|
||||
display_name = range.key
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "mesh_certificates" {
|
||||
for_each = var.enable_features.mesh_certificates != null ? [""] : []
|
||||
content {
|
||||
enable_certificates = var.enable_features.mesh_certificates
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "notification_config" {
|
||||
for_each = var.enable_features.upgrade_notifications != null ? [""] : []
|
||||
content {
|
||||
pubsub {
|
||||
enabled = true
|
||||
topic = (
|
||||
try(var.enable_features.upgrade_notifications.topic_id, null) != null
|
||||
? var.enable_features.upgrade_notifications.topic_id
|
||||
: google_pubsub_topic.notifications[0].id
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "private_cluster_config" {
|
||||
for_each = (
|
||||
var.private_cluster_config != null ? [""] : []
|
||||
)
|
||||
content {
|
||||
enable_private_nodes = true
|
||||
enable_private_endpoint = var.private_cluster_config.enable_private_endpoint
|
||||
master_ipv4_cidr_block = try(var.vpc_config.master_ipv4_cidr_block, null)
|
||||
master_global_access_config {
|
||||
enabled = var.private_cluster_config.master_global_access
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "pod_security_policy_config" {
|
||||
for_each = var.enable_features.pod_security_policy ? [""] : []
|
||||
content {
|
||||
enabled = var.enable_features.pod_security_policy
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "release_channel" {
|
||||
for_each = var.release_channel != null ? [""] : []
|
||||
content {
|
||||
channel = var.release_channel
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "resource_usage_export_config" {
|
||||
for_each = (
|
||||
try(var.enable_features.resource_usage_export.dataset, null) != null
|
||||
? [""]
|
||||
: []
|
||||
)
|
||||
content {
|
||||
enable_network_egress_metering = (
|
||||
var.enable_features.resource_usage_export.enable_network_egress_metering
|
||||
)
|
||||
enable_resource_consumption_metering = (
|
||||
var.enable_features.resource_usage_export.enable_resource_consumption_metering
|
||||
)
|
||||
bigquery_destination {
|
||||
dataset_id = var.enable_features.resource_usage_export.dataset
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "vertical_pod_autoscaling" {
|
||||
for_each = var.enable_features.vertical_pod_autoscaling ? [""] : []
|
||||
content {
|
||||
enabled = var.enable_features.vertical_pod_autoscaling
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_gke_backup_backup_plan" "backup_plan" {
|
||||
for_each = var.backup_configs.enable_backup_agent ? var.backup_configs.backup_plans : {}
|
||||
name = each.key
|
||||
cluster = google_container_cluster.cluster.id
|
||||
location = each.value.region
|
||||
project = var.project_id
|
||||
retention_policy {
|
||||
backup_delete_lock_days = try(each.value.retention_policy_delete_lock_days)
|
||||
backup_retain_days = try(each.value.retention_policy_days)
|
||||
locked = try(each.value.retention_policy_lock)
|
||||
}
|
||||
backup_schedule {
|
||||
cron_schedule = each.value.schedule
|
||||
}
|
||||
#TODO add support for configs
|
||||
backup_config {
|
||||
include_volume_data = true
|
||||
include_secrets = true
|
||||
all_namespaces = true
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
resource "google_compute_network_peering_routes_config" "gke_master" {
|
||||
count = (
|
||||
try(var.private_cluster_config.peering_config, null) != null ? 1 : 0
|
||||
)
|
||||
project = (
|
||||
try(var.private_cluster_config.peering_config, null) == null
|
||||
? var.project_id
|
||||
: var.private_cluster_config.peering_config.project_id
|
||||
)
|
||||
peering = try(
|
||||
google_container_cluster.cluster.private_cluster_config.0.peering_name,
|
||||
null
|
||||
)
|
||||
network = element(reverse(split("/", var.vpc_config.network)), 0)
|
||||
import_custom_routes = var.private_cluster_config.peering_config.import_routes
|
||||
export_custom_routes = var.private_cluster_config.peering_config.export_routes
|
||||
}
|
||||
|
||||
resource "google_pubsub_topic" "notifications" {
|
||||
count = (
|
||||
try(var.enable_features.upgrade_notifications, null) != null &&
|
||||
try(var.enable_features.upgrade_notifications.topic_id, null) == null ? 1 : 0
|
||||
)
|
||||
project = var.project_id
|
||||
name = "gke-pubsub-notifications"
|
||||
labels = {
|
||||
content = "gke-notifications"
|
||||
}
|
||||
}
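Review bot: In `google_gke_backup_backup_plan.backup_plan`, `backup_config` hard-codes `include_secrets = true` and `all_namespaces = true` and sets no `encryption_key`. Every plan therefore copies the Secret objects of every namespace into backups that rely on the service's default encryption only. A principal who can restore those backups can recover the cluster's secrets, so the backup IAM roles become as sensitive as cluster-admin. I would make secret inclusion an explicit per-plan choice and accept a customer-managed KMS key, with matching fields added to `backup_plans` in variables.tf, for example `include_secrets = optional(bool, false)` and `encryption_key = optional(string)`. The single-argument `try(...)` calls in `retention_policy` have no fallback and can be plain references.

```hcl
resource "google_gke_backup_backup_plan" "backup_plan" {
  # … unchanged: for_each, name, cluster, location, project, retention_policy, backup_schedule …
  backup_config {
    include_volume_data = true
    # opt-in per plan instead of always copying Secret objects
    include_secrets = each.value.include_secrets
    all_namespaces  = true
    dynamic "encryption_key" {
      for_each = each.value.encryption_key != null ? [""] : []
      content {
        gcp_kms_encryption_key = each.value.encryption_key
      }
    }
  }
}
```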
|
|
@ -0,0 +1,207 @@
|
|||
/**
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "backup_configs" {
|
||||
description = "Configuration for Backup for GKE."
|
||||
type = object({
|
||||
enable_backup_agent = optional(bool, false)
|
||||
backup_plans = optional(map(object({
|
||||
region = string
|
||||
schedule = string
|
||||
retention_policy_days = optional(string)
|
||||
retention_policy_lock = optional(bool, false)
|
||||
retention_policy_delete_lock_days = optional(string)
|
||||
})), {})
|
||||
})
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "description" {
|
||||
description = "Cluster description."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "enable_addons" {
|
||||
description = "Addons enabled in the cluster (true means enabled)."
|
||||
type = object({
|
||||
cloudrun = optional(bool, false)
|
||||
config_connector = optional(bool, false)
|
||||
dns_cache = optional(bool, false)
|
||||
horizontal_pod_autoscaling = optional(bool, false)
|
||||
http_load_balancing = optional(bool, false)
|
||||
istio = optional(object({
|
||||
enable_tls = bool
|
||||
}))
|
||||
kalm = optional(bool, false)
|
||||
network_policy = optional(bool, false)
|
||||
})
|
||||
default = {
|
||||
horizontal_pod_autoscaling = true
|
||||
http_load_balancing = true
|
||||
}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "enable_features" {
|
||||
description = "Enable cluster-level features. Certain features allow configuration."
|
||||
type = object({
|
||||
binary_authorization = optional(bool, false)
|
||||
dns = optional(object({
|
||||
provider = optional(string)
|
||||
scope = optional(string)
|
||||
domain = optional(string)
|
||||
}))
|
||||
database_encryption = optional(object({
|
||||
state = string
|
||||
key_name = string
|
||||
}))
|
||||
gateway_api = optional(bool, false)
|
||||
groups_for_rbac = optional(string)
|
||||
l4_ilb_subsetting = optional(bool, false)
|
||||
mesh_certificates = optional(bool)
|
||||
pod_security_policy = optional(bool, false)
|
||||
resource_usage_export = optional(object({
|
||||
dataset = string
|
||||
enable_network_egress_metering = optional(bool)
|
||||
enable_resource_consumption_metering = optional(bool)
|
||||
}))
|
||||
tpu = optional(bool, false)
|
||||
upgrade_notifications = optional(object({
|
||||
topic_id = optional(string)
|
||||
}))
|
||||
vertical_pod_autoscaling = optional(bool, false)
|
||||
})
|
||||
default = {
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
variable "issue_client_certificate" {
|
||||
description = "Enable issuing client certificate."
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "labels" {
|
||||
description = "Cluster resource labels."
|
||||
type = map(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "location" {
|
||||
description = "Autopilot cluster are always regional."
|
||||
type = string
|
||||
}
|
||||
|
||||
|
||||
variable "maintenance_config" {
|
||||
description = "Maintenance window configuration."
|
||||
type = object({
|
||||
daily_window_start_time = optional(string)
|
||||
recurring_window = optional(object({
|
||||
start_time = string
|
||||
end_time = string
|
||||
recurrence = string
|
||||
}))
|
||||
maintenance_exclusions = optional(list(object({
|
||||
name = string
|
||||
start_time = string
|
||||
end_time = string
|
||||
scope = optional(string)
|
||||
})))
|
||||
})
|
||||
default = {
|
||||
daily_window_start_time = "03:00"
|
||||
recurring_window = null
|
||||
maintenance_exclusion = []
|
||||
}
|
||||
}
|
||||
|
||||
variable "min_master_version" {
|
||||
description = "Minimum version of the master, defaults to the version of the most recent official release."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "name" {
|
||||
description = "Cluster name."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "node_locations" {
|
||||
description = "Zones in which the cluster's nodes are located."
|
||||
type = list(string)
|
||||
default = []
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "private_cluster_config" {
|
||||
description = "Private cluster configuration."
|
||||
type = object({
|
||||
enable_private_endpoint = optional(bool)
|
||||
master_global_access = optional(bool)
|
||||
peering_config = optional(object({
|
||||
export_routes = optional(bool)
|
||||
import_routes = optional(bool)
|
||||
project_id = optional(string)
|
||||
}))
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Cluster project id."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "release_channel" {
|
||||
description = "Release channel for GKE upgrades."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "service_account" {
|
||||
description = "The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "tags" {
|
||||
description = "Network tags applied to nodes."
|
||||
type = list(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "vpc_config" {
|
||||
description = "VPC-level configuration."
|
||||
type = object({
|
||||
network = string
|
||||
subnetwork = string
|
||||
master_ipv4_cidr_block = optional(string)
|
||||
secondary_range_blocks = optional(object({
|
||||
pods = string
|
||||
services = string
|
||||
}))
|
||||
secondary_range_names = optional(object({
|
||||
pods = string
|
||||
services = string
|
||||
}), { pods = "pods", services = "services" })
|
||||
master_authorized_ranges = optional(map(string))
|
||||
})
|
||||
nullable = false
|
||||
}
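Review bot: `tags` and the `dns_cache`, `istio` and `network_policy` fields of `enable_addons` are declared here but not read anywhere in the Autopilot main.tf shown on this page, so a caller who sets them gets no error and no effect. For `tags` this matters for firewalling, since rules written against those network tags would presumably not match the nodes. Either drop these inputs from the Autopilot module or wire them up, after confirming what the provider supports for Autopilot clusters. Separately, the `maintenance_config` default uses the key `maintenance_exclusion`, which the type does not declare; it should read `maintenance_exclusions = []`.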
|
|
@ -12,6 +12,7 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
|
||||
terraform {
|
||||
required_version = ">= 1.4.4"
|
||||
required_providers {
|
|
@ -1,6 +1,6 @@
|
|||
# GKE cluster module
|
||||
# GKE cluster Standard module
|
||||
|
||||
This module allows simplified creation and management of GKE clusters and should be used together with the GKE nodepool module, as the default nodepool is turned off here and cannot be re-enabled. Some sensible defaults are set initially, in order to allow less verbose usage for most use cases.
|
||||
This module allows simplified creation and management of GKE Standard clusters and should be used together with the GKE nodepool module, as the default nodepool is turned off here and cannot be re-enabled. Some sensible defaults are set initially, in order to allow less verbose usage for most use cases.
|
||||
|
||||
## Example
|
||||
|
||||
|
@ -8,7 +8,7 @@ This module allows simplified creation and management of GKE clusters and should
|
|||
|
||||
```hcl
|
||||
module "cluster-1" {
|
||||
source = "./fabric/modules/gke-cluster"
|
||||
source = "./fabric/modules/gke-cluster-standard"
|
||||
project_id = "myproject"
|
||||
name = "cluster-1"
|
||||
location = "europe-west1-b"
|
||||
|
@ -40,7 +40,7 @@ module "cluster-1" {
|
|||
|
||||
```hcl
|
||||
module "cluster-1" {
|
||||
source = "./fabric/modules/gke-cluster"
|
||||
source = "./fabric/modules/gke-cluster-standard"
|
||||
project_id = "myproject"
|
||||
name = "cluster-dataplane-v2"
|
||||
location = "europe-west1-b"
|
||||
|
@ -70,32 +70,6 @@ module "cluster-1" {
|
|||
}
|
||||
# tftest modules=1 resources=1 inventory=dataplane-v2.yaml
|
||||
```
|
||||
### Autopilot Cluster
|
||||
|
||||
```hcl
|
||||
module "cluster-autopilot" {
|
||||
source = "./fabric/modules/gke-cluster"
|
||||
project_id = "myproject"
|
||||
name = "cluster-autopilot"
|
||||
location = "europe-west1-b"
|
||||
vpc_config = {
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
secondary_range_names = {
|
||||
pods = "pods"
|
||||
services = "services"
|
||||
}
|
||||
master_authorized_ranges = {
|
||||
internal-vms = "10.0.0.0/8"
|
||||
}
|
||||
master_ipv4_cidr_block = "192.168.0.0/28"
|
||||
}
|
||||
enable_features = {
|
||||
autopilot = true
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=1 inventory=autopilot.yaml
|
||||
```
|
||||
|
||||
### Cloud DNS
|
||||
|
||||
|
@ -103,7 +77,7 @@ This example shows how to [use Cloud DNS as a Kubernetes DNS provider](https://c
|
|||
|
||||
```hcl
|
||||
module "cluster-1" {
|
||||
source = "./fabric/modules/gke-cluster"
|
||||
source = "./fabric/modules/gke-cluster-standard"
|
||||
project_id = var.project_id
|
||||
name = "cluster-1"
|
||||
location = "europe-west1-b"
|
||||
|
@ -130,7 +104,7 @@ This example shows how to [enable the Backup for GKE agent and configure a Backu
|
|||
|
||||
```hcl
|
||||
module "cluster-1" {
|
||||
source = "./fabric/modules/gke-cluster"
|
||||
source = "./fabric/modules/gke-cluster-standard"
|
||||
project_id = var.project_id
|
||||
name = "cluster-1"
|
||||
location = "europe-west1-b"
|
||||
|
@ -157,26 +131,26 @@ module "cluster-1" {
|
|||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [location](variables.tf#L134) | Cluster zone or region. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L191) | Cluster name. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L217) | Cluster project id. | <code>string</code> | ✓ | |
|
||||
| [vpc_config](variables.tf#L234) | VPC-level configuration. | <code title="object({ network = string subnetwork = string master_ipv4_cidr_block = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = string services = string }), { pods = "pods", services = "services" }) master_authorized_ranges = optional(map(string)) })">object({…})</code> | ✓ | |
|
||||
| [location](variables.tf#L133) | Cluster zone or region. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L190) | Cluster name. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L216) | Cluster project id. | <code>string</code> | ✓ | |
|
||||
| [vpc_config](variables.tf#L233) | VPC-level configuration. | <code title="object({ network = string subnetwork = string master_ipv4_cidr_block = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = string services = string }), { pods = "pods", services = "services" }) master_authorized_ranges = optional(map(string)) })">object({…})</code> | ✓ | |
|
||||
| [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | <code title="object({ enable_backup_agent = optional(bool, false) backup_plans = optional(map(object({ region = string schedule = string retention_policy_days = optional(string) retention_policy_lock = optional(bool, false) retention_policy_delete_lock_days = optional(string) })), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
| [cluster_autoscaling](variables.tf#L33) | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | <code title="object({ auto_provisioning_defaults = optional(object({ boot_disk_kms_key = optional(string) image_type = optional(string) oauth_scopes = optional(list(string)) service_account = optional(string) })) cpu_limits = optional(object({ min = number max = number })) mem_limits = optional(object({ min = number max = number })) })">object({…})</code> | | <code>null</code> |
|
||||
| [description](variables.tf#L54) | Cluster description. | <code>string</code> | | <code>null</code> |
|
||||
| [enable_addons](variables.tf#L60) | Addons enabled in the cluster (true means enabled). | <code title="object({ cloudrun = optional(bool, false) config_connector = optional(bool, false) dns_cache = optional(bool, false) gce_persistent_disk_csi_driver = optional(bool, false) gcp_filestore_csi_driver = optional(bool, false) horizontal_pod_autoscaling = optional(bool, false) http_load_balancing = optional(bool, false) istio = optional(object({ enable_tls = bool })) kalm = optional(bool, false) network_policy = optional(bool, false) })">object({…})</code> | | <code title="{ horizontal_pod_autoscaling = true http_load_balancing = true }">{…}</code> |
|
||||
| [enable_features](variables.tf#L83) | Enable cluster-level features. Certain features allow configuration. | <code title="object({ autopilot = optional(bool, false) binary_authorization = optional(bool, false) dns = optional(object({ provider = optional(string) scope = optional(string) domain = optional(string) })) database_encryption = optional(object({ state = string key_name = string })) dataplane_v2 = optional(bool, false) gateway_api = optional(bool, false) groups_for_rbac = optional(string) intranode_visibility = optional(bool, false) l4_ilb_subsetting = optional(bool, false) mesh_certificates = optional(bool) pod_security_policy = optional(bool, false) resource_usage_export = optional(object({ dataset = string enable_network_egress_metering = optional(bool) enable_resource_consumption_metering = optional(bool) })) shielded_nodes = optional(bool, false) tpu = optional(bool, false) upgrade_notifications = optional(object({ topic_id = optional(string) })) vertical_pod_autoscaling = optional(bool, false) workload_identity = optional(bool, true) })">object({…})</code> | | <code title="{ workload_identity = true }">{…}</code> |
|
||||
| [issue_client_certificate](variables.tf#L122) | Enable issuing client certificate. | <code>bool</code> | | <code>false</code> |
|
||||
| [labels](variables.tf#L128) | Cluster resource labels. | <code>map(string)</code> | | <code>null</code> |
|
||||
| [logging_config](variables.tf#L139) | Logging configuration. | <code>list(string)</code> | | <code>["SYSTEM_COMPONENTS"]</code> |
|
||||
| [maintenance_config](variables.tf#L145) | Maintenance window configuration. | <code title="object({ daily_window_start_time = optional(string) recurring_window = optional(object({ start_time = string end_time = string recurrence = string })) maintenance_exclusions = optional(list(object({ name = string start_time = string end_time = string scope = optional(string) }))) })">object({…})</code> | | <code title="{ daily_window_start_time = "03:00" recurring_window = null maintenance_exclusion = [] }">{…}</code> |
|
||||
| [max_pods_per_node](variables.tf#L168) | Maximum number of pods per node in this cluster. | <code>number</code> | | <code>110</code> |
|
||||
| [min_master_version](variables.tf#L174) | Minimum version of the master, defaults to the version of the most recent official release. | <code>string</code> | | <code>null</code> |
|
||||
| [monitoring_config](variables.tf#L180) | Monitoring components. | <code title="object({ enable_components = optional(list(string)) managed_prometheus = optional(bool) })">object({…})</code> | | <code title="{ enable_components = ["SYSTEM_COMPONENTS"] }">{…}</code> |
|
||||
| [node_locations](variables.tf#L196) | Zones in which the cluster's nodes are located. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [private_cluster_config](variables.tf#L203) | Private cluster configuration. | <code title="object({ enable_private_endpoint = optional(bool) master_global_access = optional(bool) peering_config = optional(object({ export_routes = optional(bool) import_routes = optional(bool) project_id = optional(string) })) })">object({…})</code> | | <code>null</code> |
|
||||
| [release_channel](variables.tf#L222) | Release channel for GKE upgrades. | <code>string</code> | | <code>null</code> |
|
||||
| [tags](variables.tf#L228) | Network tags applied to nodes. | <code>list(string)</code> | | <code>null</code> |
|
||||
| [enable_features](variables.tf#L83) | Enable cluster-level features. Certain features allow configuration. | <code title="object({ binary_authorization = optional(bool, false) dns = optional(object({ provider = optional(string) scope = optional(string) domain = optional(string) })) database_encryption = optional(object({ state = string key_name = string })) dataplane_v2 = optional(bool, false) gateway_api = optional(bool, false) groups_for_rbac = optional(string) intranode_visibility = optional(bool, false) l4_ilb_subsetting = optional(bool, false) mesh_certificates = optional(bool) pod_security_policy = optional(bool, false) resource_usage_export = optional(object({ dataset = string enable_network_egress_metering = optional(bool) enable_resource_consumption_metering = optional(bool) })) shielded_nodes = optional(bool, false) tpu = optional(bool, false) upgrade_notifications = optional(object({ topic_id = optional(string) })) vertical_pod_autoscaling = optional(bool, false) workload_identity = optional(bool, true) })">object({…})</code> | | <code title="{ workload_identity = true }">{…}</code> |
|
||||
| [issue_client_certificate](variables.tf#L121) | Enable issuing client certificate. | <code>bool</code> | | <code>false</code> |
|
||||
| [labels](variables.tf#L127) | Cluster resource labels. | <code>map(string)</code> | | <code>null</code> |
|
||||
| [logging_config](variables.tf#L138) | Logging configuration. | <code>list(string)</code> | | <code>["SYSTEM_COMPONENTS"]</code> |
|
||||
| [maintenance_config](variables.tf#L144) | Maintenance window configuration. | <code title="object({ daily_window_start_time = optional(string) recurring_window = optional(object({ start_time = string end_time = string recurrence = string })) maintenance_exclusions = optional(list(object({ name = string start_time = string end_time = string scope = optional(string) }))) })">object({…})</code> | | <code title="{ daily_window_start_time = "03:00" recurring_window = null maintenance_exclusion = [] }">{…}</code> |
|
||||
| [max_pods_per_node](variables.tf#L167) | Maximum number of pods per node in this cluster. | <code>number</code> | | <code>110</code> |
|
||||
| [min_master_version](variables.tf#L173) | Minimum version of the master, defaults to the version of the most recent official release. | <code>string</code> | | <code>null</code> |
|
||||
| [monitoring_config](variables.tf#L179) | Monitoring components. | <code title="object({ enable_components = optional(list(string)) managed_prometheus = optional(bool) })">object({…})</code> | | <code title="{ enable_components = ["SYSTEM_COMPONENTS"] }">{…}</code> |
|
||||
| [node_locations](variables.tf#L195) | Zones in which the cluster's nodes are located. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [private_cluster_config](variables.tf#L202) | Private cluster configuration. | <code title="object({ enable_private_endpoint = optional(bool) master_global_access = optional(bool) peering_config = optional(object({ export_routes = optional(bool) import_routes = optional(bool) project_id = optional(string) })) })">object({…})</code> | | <code>null</code> |
|
||||
| [release_channel](variables.tf#L221) | Release channel for GKE upgrades. | <code>string</code> | | <code>null</code> |
|
||||
| [tags](variables.tf#L227) | Network tags applied to nodes. | <code>list(string)</code> | | <code>null</code> |
|
||||
|
||||
## Outputs
|
||||
|
|
@ -15,12 +15,6 @@
|
|||
*/
|
||||
|
||||
resource "google_container_cluster" "cluster" {
|
||||
lifecycle {
|
||||
ignore_changes = [
|
||||
node_config[0].boot_disk_kms_key,
|
||||
node_config[0].spot
|
||||
]
|
||||
}
|
||||
provider = google-beta
|
||||
project = var.project_id
|
||||
name = var.name
|
||||
|
@ -29,54 +23,39 @@ resource "google_container_cluster" "cluster" {
|
|||
node_locations = (
|
||||
length(var.node_locations) == 0 ? null : var.node_locations
|
||||
)
|
||||
min_master_version = var.min_master_version
|
||||
network = var.vpc_config.network
|
||||
subnetwork = var.vpc_config.subnetwork
|
||||
resource_labels = var.labels
|
||||
default_max_pods_per_node = (
|
||||
var.enable_features.autopilot ? null : var.max_pods_per_node
|
||||
)
|
||||
enable_intranode_visibility = (
|
||||
var.enable_features.autopilot ? null : var.enable_features.intranode_visibility
|
||||
)
|
||||
enable_l4_ilb_subsetting = var.enable_features.l4_ilb_subsetting
|
||||
enable_shielded_nodes = (
|
||||
var.enable_features.autopilot ? null : var.enable_features.shielded_nodes
|
||||
)
|
||||
enable_tpu = var.enable_features.tpu
|
||||
initial_node_count = 1
|
||||
remove_default_node_pool = var.enable_features.autopilot ? null : true
|
||||
min_master_version = var.min_master_version
|
||||
network = var.vpc_config.network
|
||||
subnetwork = var.vpc_config.subnetwork
|
||||
resource_labels = var.labels
|
||||
default_max_pods_per_node = var.max_pods_per_node
|
||||
enable_intranode_visibility = var.enable_features.intranode_visibility
|
||||
enable_l4_ilb_subsetting = var.enable_features.l4_ilb_subsetting
|
||||
enable_shielded_nodes = var.enable_features.shielded_nodes
|
||||
enable_tpu = var.enable_features.tpu
|
||||
initial_node_count = 1
|
||||
remove_default_node_pool = true
|
||||
datapath_provider = (
|
||||
var.enable_features.dataplane_v2 || var.enable_features.autopilot
|
||||
var.enable_features.dataplane_v2
|
||||
? "ADVANCED_DATAPATH"
|
||||
: "DATAPATH_PROVIDER_UNSPECIFIED"
|
||||
)
|
||||
enable_autopilot = var.enable_features.autopilot ? true : null
|
||||
|
||||
# the default nodepool is deleted here, use the gke-nodepool module instead
|
||||
# default nodepool configuration based on a shielded_nodes variable
|
||||
dynamic "node_config" {
|
||||
for_each = var.enable_features.autopilot ? [] : [""]
|
||||
content {
|
||||
dynamic "shielded_instance_config" {
|
||||
for_each = var.enable_features.shielded_nodes ? [""] : []
|
||||
content {
|
||||
enable_secure_boot = true
|
||||
enable_integrity_monitoring = true
|
||||
}
|
||||
node_config {
|
||||
dynamic "shielded_instance_config" {
|
||||
for_each = var.enable_features.shielded_nodes ? [""] : []
|
||||
content {
|
||||
enable_secure_boot = true
|
||||
enable_integrity_monitoring = true
|
||||
}
|
||||
tags = var.tags
|
||||
}
|
||||
tags = var.tags
|
||||
}
|
||||
|
||||
|
||||
|
||||
addons_config {
|
||||
dynamic "dns_cache_config" {
|
||||
for_each = !var.enable_features.autopilot ? [""] : []
|
||||
content {
|
||||
enabled = var.enable_addons.dns_cache
|
||||
}
|
||||
dns_cache_config {
|
||||
enabled = var.enable_addons.dns_cache
|
||||
}
|
||||
http_load_balancing {
|
||||
disabled = !var.enable_addons.http_load_balancing
|
||||
|
@ -84,11 +63,8 @@ resource "google_container_cluster" "cluster" {
|
|||
horizontal_pod_autoscaling {
|
||||
disabled = !var.enable_addons.horizontal_pod_autoscaling
|
||||
}
|
||||
dynamic "network_policy_config" {
|
||||
for_each = !var.enable_features.autopilot ? [""] : []
|
||||
content {
|
||||
disabled = !var.enable_addons.network_policy
|
||||
}
|
||||
network_policy_config {
|
||||
disabled = !var.enable_addons.network_policy
|
||||
}
|
||||
cloudrun_config {
|
||||
disabled = !var.enable_addons.cloudrun
|
||||
|
@ -100,17 +76,10 @@ resource "google_container_cluster" "cluster" {
|
|||
)
|
||||
}
|
||||
gce_persistent_disk_csi_driver_config {
|
||||
enabled = (
|
||||
var.enable_features.autopilot
|
||||
? true
|
||||
: var.enable_addons.gce_persistent_disk_csi_driver
|
||||
)
|
||||
enabled = var.enable_addons.gce_persistent_disk_csi_driver
|
||||
}
|
||||
dynamic "gcp_filestore_csi_driver_config" {
|
||||
for_each = !var.enable_features.autopilot ? [""] : []
|
||||
content {
|
||||
enabled = var.enable_addons.gcp_filestore_csi_driver
|
||||
}
|
||||
gcp_filestore_csi_driver_config {
|
||||
enabled = var.enable_addons.gcp_filestore_csi_driver
|
||||
}
|
||||
kalm_config {
|
||||
enabled = var.enable_addons.kalm
|
||||
|
@ -140,7 +109,7 @@ resource "google_container_cluster" "cluster" {
|
|||
dynamic "cluster_autoscaling" {
|
||||
for_each = var.cluster_autoscaling == null ? [] : [""]
|
||||
content {
|
||||
enabled = var.enable_features.autopilot ? null : true
|
||||
enabled = true
|
||||
|
||||
dynamic "auto_provisioning_defaults" {
|
||||
for_each = var.cluster_autoscaling.auto_provisioning_defaults != null ? [""] : []
|
||||
|
@ -204,7 +173,7 @@ resource "google_container_cluster" "cluster" {
|
|||
}
|
||||
|
||||
dynamic "logging_config" {
|
||||
for_each = var.logging_config != null && !var.enable_features.autopilot ? [""] : []
|
||||
for_each = var.logging_config != null ? [""] : []
|
||||
content {
|
||||
enable_components = var.logging_config
|
||||
}
|
||||
|
@ -283,7 +252,7 @@ resource "google_container_cluster" "cluster" {
|
|||
}
|
||||
|
||||
dynamic "monitoring_config" {
|
||||
for_each = var.monitoring_config != null && !var.enable_features.autopilot ? [""] : []
|
||||
for_each = var.monitoring_config != null ? [""] : []
|
||||
content {
|
||||
enable_components = var.monitoring_config.enable_components
|
||||
dynamic "managed_prometheus" {
|
||||
|
@ -379,11 +348,17 @@ resource "google_container_cluster" "cluster" {
|
|||
}
|
||||
|
||||
dynamic "workload_identity_config" {
|
||||
for_each = (var.enable_features.workload_identity && !var.enable_features.autopilot) ? [""] : []
|
||||
for_each = var.enable_features.workload_identity ? [""] : []
|
||||
content {
|
||||
workload_pool = "${var.project_id}.svc.id.goog"
|
||||
}
|
||||
}
|
||||
lifecycle {
|
||||
ignore_changes = [
|
||||
node_config[0].boot_disk_kms_key,
|
||||
node_config[0].spot
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_gke_backup_backup_plan" "backup_plan" {
|
|
@ -0,0 +1,71 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
output "ca_certificate" {
|
||||
description = "Public certificate of the cluster (base64-encoded)."
|
||||
value = google_container_cluster.cluster.master_auth.0.cluster_ca_certificate
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
output "cluster" {
|
||||
description = "Cluster resource."
|
||||
sensitive = true
|
||||
value = google_container_cluster.cluster
|
||||
}
|
||||
|
||||
output "endpoint" {
|
||||
description = "Cluster endpoint."
|
||||
value = google_container_cluster.cluster.endpoint
|
||||
}
|
||||
|
||||
output "id" {
|
||||
description = "Cluster ID."
|
||||
value = google_container_cluster.cluster.id
|
||||
}
|
||||
|
||||
output "location" {
|
||||
description = "Cluster location."
|
||||
value = google_container_cluster.cluster.location
|
||||
}
|
||||
|
||||
output "master_version" {
|
||||
description = "Master version."
|
||||
value = google_container_cluster.cluster.master_version
|
||||
}
|
||||
|
||||
output "name" {
|
||||
description = "Cluster name."
|
||||
value = google_container_cluster.cluster.name
|
||||
}
|
||||
|
||||
output "notifications" {
|
||||
description = "GKE PubSub notifications topic."
|
||||
value = try(google_pubsub_topic.notifications[0].id, null)
|
||||
}
|
||||
|
||||
output "self_link" {
|
||||
description = "Cluster self link."
|
||||
sensitive = true
|
||||
value = google_container_cluster.cluster.self_link
|
||||
}
|
||||
|
||||
output "workload_identity_pool" {
|
||||
description = "Workload identity pool."
|
||||
value = "${var.project_id}.svc.id.goog"
|
||||
depends_on = [
|
||||
google_container_cluster.cluster
|
||||
]
|
||||
}
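Review bot: The `workload_identity_pool` output returns `"${var.project_id}.svc.id.goog"` unconditionally, while the `google_container_cluster.cluster` hunk earlier on this page only emits `workload_identity_config` when `var.enable_features.workload_identity` is true. Assuming this outputs file belongs to that same module, a caller wiring the output into IAM bindings gets a pool name even when Workload Identity is off on the cluster, which hides the misconfiguration until workloads fail to authenticate. Consider `value = var.enable_features.workload_identity ? "${var.project_id}.svc.id.goog" : null`, or at least say in the `description` that the value does not reflect the feature flag.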
|
|
@ -83,7 +83,6 @@ variable "enable_addons" {
|
|||
variable "enable_features" {
|
||||
description = "Enable cluster-level features. Certain features allow configuration."
|
||||
type = object({
|
||||
autopilot = optional(bool, false)
|
||||
binary_authorization = optional(bool, false)
|
||||
dns = optional(object({
|
||||
provider = optional(string)
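Review bot: Removing `autopilot` from the `enable_features` object type (going by the hunk header, the one line this hunk drops) will not raise an error for callers that still pass `autopilot = true`. Terraform discards attributes that are not in an object type constraint during conversion, so such a caller silently gets a standard cluster instead of an Autopilot one, without the hardened defaults Autopilot enforces. Since the variable cannot detect the dropped attribute, the migration should be called out where users will see it, for example by extending the description to `"Enable cluster-level features. Certain features allow configuration. Autopilot clusters are no longer configured through this variable."`. The variable's body continues outside the hunk.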
|
|
@ -4,10 +4,28 @@
|
|||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
# https://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
|
||||
terraform {
|
||||
required_version = ">= 1.4.4"
|
||||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.60.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.60.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -46,7 +46,7 @@ module "vpc" {
|
|||
}
|
||||
|
||||
module "cluster_1" {
|
||||
source = "./fabric/modules/gke-cluster"
|
||||
source = "./fabric/modules/gke-cluster-standard"
|
||||
project_id = module.project.project_id
|
||||
name = "cluster-1"
|
||||
location = "europe-west1"
|
||||
|
@ -54,7 +54,7 @@ module "cluster_1" {
|
|||
network = module.vpc.self_link
|
||||
subnetwork = module.vpc.subnet_self_links["europe-west1/cluster-1"]
|
||||
master_authorized_ranges = {
|
||||
fc1918_10_8 = "10.0.0.0/8"
|
||||
rfc1918_10_8 = "10.0.0.0/8"
|
||||
}
|
||||
master_ipv4_cidr_block = "192.168.0.0/28"
|
||||
}
|
||||
|
@ -119,7 +119,7 @@ module "hub" {
|
|||
}
|
||||
}
|
||||
|
||||
# tftest modules=4 resources=16
|
||||
# tftest modules=4 resources=16 inventory=full.yaml
|
||||
```
|
||||
|
||||
## Multi-cluster mesh on GKE
|
||||
|
@ -212,7 +212,7 @@ module "firewall" {
|
|||
}
|
||||
|
||||
module "cluster_1" {
|
||||
source = "./fabric/modules/gke-cluster"
|
||||
source = "./fabric/modules/gke-cluster-standard"
|
||||
project_id = module.project.project_id
|
||||
name = "cluster-1"
|
||||
location = "europe-west1"
|
||||
|
@ -253,7 +253,7 @@ module "cluster_1_nodepool" {
|
|||
}
|
||||
|
||||
module "cluster_2" {
|
||||
source = "./fabric/modules/gke-cluster"
|
||||
source = "./fabric/modules/gke-cluster-standard"
|
||||
project_id = module.project.project_id
|
||||
name = "cluster-2"
|
||||
location = "europe-west4"
|
||||
|
|
|
@ -56,7 +56,7 @@ module "kms" {
|
|||
key-c = { rotation_period = null, labels = { env = "test" } }
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=9
|
||||
# tftest modules=1 resources=9 inventory=basic.yaml
|
||||
```
|
||||
|
||||
### Crypto key purpose
|
||||
|
|
|
@ -11,12 +11,12 @@ module "addresses" {
|
|||
source = "./fabric/modules/net-address"
|
||||
project_id = var.project_id
|
||||
external_addresses = {
|
||||
nat-1 = var.region
|
||||
vpn-remote = var.region
|
||||
one = "europe-west1"
|
||||
two = "europe-west2"
|
||||
}
|
||||
global_addresses = ["app-1", "app-2"]
|
||||
}
|
||||
# tftest modules=1 resources=4
|
||||
# tftest modules=1 resources=4 inventory=external.yaml
|
||||
```
|
||||
|
||||
### Internal addresses
|
||||
|
@ -38,7 +38,7 @@ module "addresses" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2
|
||||
# tftest modules=1 resources=2 inventory=internal.yaml
|
||||
```
|
||||
|
||||
### PSA addresses
|
||||
|
@ -55,7 +55,7 @@ module "addresses" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=1
|
||||
# tftest modules=1 resources=1 inventory=psa.yaml
|
||||
```
|
||||
|
||||
### PSC addresses
|
||||
|
@ -75,7 +75,7 @@ module "addresses" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2
|
||||
# tftest modules=1 resources=2 inventory=psc.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
|
@ -143,6 +143,7 @@ def plan_summary_fixture(request):
|
|||
**tf_vars):
|
||||
if basedir is None:
|
||||
basedir = Path(request.fspath).parent
|
||||
print(f"{basedir=}")
|
||||
return plan_summary(module_path=module_path, basedir=basedir,
|
||||
tf_var_files=tf_var_files, extra_files=extra_files,
|
||||
**tf_vars)
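Review bot: The `print(f"{basedir=}")` line looks like leftover debugging output and, going by the hunk header, is the one line this hunk adds. It writes the resolved test directory to stdout on every fixture call, which is noise in passing runs and puts local filesystem paths into CI logs. Drop the line, or if the value helps when diagnosing failures, use `logging.debug("basedir=%s", basedir)` instead (that needs `import logging`, and the file's import block is not visible here). The enclosing function's signature starts outside the hunk.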
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -28,74 +28,6 @@ import tftest
|
|||
BASEDIR = os.path.dirname(os.path.dirname(__file__))
|
||||
|
||||
|
||||
@pytest.fixture(scope='session')
|
||||
def _plan_runner():
|
||||
'Return a function to run Terraform plan on a fixture.'
|
||||
|
||||
def run_plan(fixture_path=None, extra_files=None, tf_var_file=None,
|
||||
targets=None, refresh=True, tmpdir=True, **tf_vars):
|
||||
'Run Terraform plan and returns parsed output.'
|
||||
if fixture_path is None:
|
||||
# find out the fixture directory from the caller's directory
|
||||
caller = inspect.stack()[2]
|
||||
fixture_path = os.path.join(os.path.dirname(caller.filename), 'fixture')
|
||||
|
||||
fixture_parent = os.path.dirname(fixture_path)
|
||||
fixture_prefix = os.path.basename(fixture_path) + '_'
|
||||
with tempfile.TemporaryDirectory(prefix=fixture_prefix,
|
||||
dir=fixture_parent) as tmp_path:
|
||||
# copy fixture to a temporary directory so we can execute
|
||||
# multiple tests in parallel
|
||||
if tmpdir:
|
||||
shutil.copytree(fixture_path, tmp_path, dirs_exist_ok=True)
|
||||
tf = tftest.TerraformTest(tmp_path if tmpdir else fixture_path, BASEDIR,
|
||||
os.environ.get('TERRAFORM', 'terraform'))
|
||||
tf.setup(extra_files=extra_files, upgrade=True)
|
||||
plan = tf.plan(output=True, refresh=refresh, tf_var_file=tf_var_file,
|
||||
tf_vars=tf_vars, targets=targets)
|
||||
return plan
|
||||
|
||||
return run_plan
|
||||
|
||||
|
||||
@pytest.fixture(scope='session')
|
||||
def plan_runner(_plan_runner):
|
||||
'Return a function to run Terraform plan on a module fixture.'
|
||||
|
||||
def run_plan(fixture_path=None, extra_files=None, tf_var_file=None,
|
||||
targets=None, **tf_vars):
|
||||
'Run Terraform plan and returns plan and module resources.'
|
||||
plan = _plan_runner(fixture_path, extra_files=extra_files,
|
||||
tf_var_file=tf_var_file, targets=targets, **tf_vars)
|
||||
# skip the fixture
|
||||
root_module = plan.root_module['child_modules'][0]
|
||||
return plan, root_module['resources']
|
||||
|
||||
return run_plan
|
||||
|
||||
|
||||
@pytest.fixture(scope='session')
|
||||
def e2e_plan_runner(_plan_runner):
|
||||
'Return a function to run Terraform plan on an end-to-end fixture.'
|
||||
|
||||
def run_plan(fixture_path=None, tf_var_file=None, targets=None, refresh=True,
|
||||
include_bare_resources=False, **tf_vars):
|
||||
'Run Terraform plan on an end-to-end module using defaults, returns data.'
|
||||
plan = _plan_runner(fixture_path, tf_var_file=tf_var_file, targets=targets,
|
||||
refresh=refresh, **tf_vars)
|
||||
# skip the fixture
|
||||
root_module = plan.root_module['child_modules'][0]
|
||||
modules = dict((mod['address'], mod['resources'])
|
||||
for mod in root_module['child_modules'])
|
||||
resources = [r for m in modules.values() for r in m]
|
||||
if include_bare_resources:
|
||||
bare_resources = root_module['resources']
|
||||
resources.extend(bare_resources)
|
||||
return modules, resources
|
||||
|
||||
return run_plan
|
||||
|
||||
|
||||
@pytest.fixture(scope='session')
|
||||
def apply_runner():
|
||||
'Return a function to run Terraform apply on a fixture.'
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
|
@ -0,0 +1,83 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
google_apigee_endpoint_attachment.endpoint_attachments["endpoint-backend-1"]:
|
||||
endpoint_attachment_id: endpoint-backend-1
|
||||
location: europe-west1
|
||||
service_attachment: projects/my-project-1/serviceAttachments/gkebackend1
|
||||
google_apigee_endpoint_attachment.endpoint_attachments["endpoint-backend-2"]:
|
||||
endpoint_attachment_id: endpoint-backend-2
|
||||
location: europe-west1
|
||||
service_attachment: projects/my-project-2/serviceAttachments/gkebackend2
|
||||
google_apigee_envgroup.envgroups["prod"]:
|
||||
hostnames:
|
||||
- prod.example.com
|
||||
name: prod
|
||||
google_apigee_envgroup.envgroups["test"]:
|
||||
hostnames:
|
||||
- test.example.com
|
||||
name: test
|
||||
google_apigee_envgroup_attachment.envgroup_attachments["apis-prod-prod"]:
|
||||
environment: apis-prod
|
||||
google_apigee_envgroup_attachment.envgroup_attachments["apis-test-test"]:
|
||||
environment: apis-test
|
||||
google_apigee_environment.environments["apis-prod"]:
|
||||
description: APIs prod
|
||||
display_name: APIs prod
|
||||
name: apis-prod
|
||||
google_apigee_environment.environments["apis-test"]:
|
||||
description: APIs Test
|
||||
display_name: APIs test
|
||||
name: apis-test
|
||||
google_apigee_environment_iam_binding.binding["apis-prod-roles/viewer"]:
|
||||
condition: []
|
||||
env_id: apis-prod
|
||||
members:
|
||||
- group:devops@myorg.com
|
||||
role: roles/viewer
|
||||
google_apigee_instance.instances["instance-prod-ew3"]:
|
||||
description: Terraform-managed
|
||||
disk_encryption_key_name: null
|
||||
display_name: null
|
||||
ip_range: 10.0.6.0/22,10.1.0.16/28
|
||||
location: europe-west3
|
||||
name: instance-prod-ew3
|
||||
google_apigee_instance.instances["instance-test-ew1"]:
|
||||
description: Terraform-managed
|
||||
disk_encryption_key_name: null
|
||||
display_name: null
|
||||
ip_range: 10.0.4.0/22,10.1.0.0/28
|
||||
location: europe-west1
|
||||
name: instance-test-ew1
|
||||
google_apigee_organization.organization[0]:
|
||||
analytics_region: europe-west1
|
||||
authorized_network: my-vpc
|
||||
billing_type: Pay-as-you-go
|
||||
description: null
|
||||
display_name: null
|
||||
project_id: my-project
|
||||
retention: DELETION_RETENTION_UNSPECIFIED
|
||||
runtime_database_encryption_key_name: '123456789'
|
||||
runtime_type: CLOUD
|
||||
|
||||
counts:
|
||||
google_apigee_endpoint_attachment: 2
|
||||
google_apigee_envgroup: 2
|
||||
google_apigee_envgroup_attachment: 2
|
||||
google_apigee_environment: 2
|
||||
google_apigee_environment_iam_binding: 1
|
||||
google_apigee_instance: 2
|
||||
google_apigee_instance_attachment: 2
|
||||
google_apigee_organization: 1
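Review bot: `billing_type: Pay-as-you-go` under `google_apigee_organization.organization[0]` disagrees with the two other organization inventories added in this commit, which both expect `billing_type: PAYG` for an otherwise identical organization. These files only pin plan output, so a value the API would reject still passes the test and the error would first appear at apply time. `PAYG` is, as far as I know, the enum value the Apigee API accepts, so the example behind this inventory probably needs `billing_type = "PAYG"`, after which the expected line becomes `billing_type: PAYG`.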
|
|
@ -0,0 +1,23 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
google_apigee_endpoint_attachment.endpoint_attachments["endpoint-backend-1"]:
|
||||
endpoint_attachment_id: endpoint-backend-1
|
||||
location: europe-west1
|
||||
org_id: organizations/my-project
|
||||
service_attachment: projects/my-project-1/serviceAttachments/gkebackend1
|
||||
|
||||
counts:
|
||||
google_apigee_endpoint_attachment: 1
|
|
@ -0,0 +1,32 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
google_apigee_envgroup_attachment.envgroup_attachments["apis-test-test"]:
|
||||
envgroup_id: test
|
||||
environment: apis-test
|
||||
timeouts: null
|
||||
google_apigee_environment.environments["apis-test"]:
|
||||
description: APIs Test
|
||||
display_name: APIs test
|
||||
name: apis-test
|
||||
node_config:
|
||||
- max_node_count: '5'
|
||||
min_node_count: '2'
|
||||
org_id: organizations/my-project
|
||||
timeouts: null
|
||||
|
||||
counts:
|
||||
google_apigee_envgroup_attachment: 1
|
||||
google_apigee_environment: 1
|
|
@ -0,0 +1,31 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
google_apigee_envgroup_attachment.envgroup_attachments["apis-test-test"]:
|
||||
envgroup_id: test
|
||||
environment: apis-test
|
||||
google_apigee_environment.environments["apis-test"]:
|
||||
api_proxy_type: PROGRAMMABLE
|
||||
description: APIs Test
|
||||
display_name: APIs test
|
||||
name: apis-test
|
||||
node_config:
|
||||
- max_node_count: '5'
|
||||
min_node_count: '2'
|
||||
org_id: organizations/my-project
|
||||
|
||||
counts:
|
||||
google_apigee_envgroup_attachment: 1
|
||||
google_apigee_environment: 1
|
|
@ -0,0 +1,34 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
google_apigee_envgroup_attachment.envgroup_attachments["apis-test-test"]:
|
||||
envgroup_id: test
|
||||
environment: apis-test
|
||||
timeouts: null
|
||||
google_apigee_environment.environments["apis-test"]:
|
||||
deployment_type: ARCHIVE
|
||||
description: APIs Test
|
||||
display_name: APIs test
|
||||
name: apis-test
|
||||
node_config:
|
||||
- max_node_count: '5'
|
||||
min_node_count: '2'
|
||||
org_id: organizations/my-project
|
||||
timeouts: null
|
||||
|
||||
counts:
|
||||
google_apigee_envgroup_attachment: 1
|
||||
google_apigee_environment: 1
|
||||
|
|
@ -13,8 +13,11 @@
|
|||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.cluster-autopilot.google_container_cluster.cluster:
|
||||
enable_autopilot: true
|
||||
google_apigee_envgroup.envgroups["test"]:
|
||||
hostnames:
|
||||
- test.example.com
|
||||
name: test
|
||||
org_id: organizations/my-project
|
||||
|
||||
counts:
|
||||
google_container_cluster: 1
|
||||
google_apigee_envgroup: 1
|
|
@ -1,25 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
module "test" {
|
||||
source = "../../../../modules/apigee"
|
||||
project_id = var.project_id
|
||||
organization = var.organization
|
||||
envgroups = var.envgroups
|
||||
environments = var.environments
|
||||
instances = var.instances
|
||||
endpoint_attachments = var.endpoint_attachments
|
||||
}
|
|
@ -1,81 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "endpoint_attachments" {
|
||||
description = "Endpoint attachments."
|
||||
type = map(object({
|
||||
region = string
|
||||
service_attachment = string
|
||||
}))
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "envgroups" {
|
||||
description = "Environment groups (NAME => [HOSTNAMES])."
|
||||
type = map(list(string))
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "environments" {
|
||||
description = "Environments."
|
||||
type = map(object({
|
||||
display_name = optional(string)
|
||||
description = optional(string, "Terraform-managed")
|
||||
deployment_type = optional(string)
|
||||
api_proxy_type = optional(string)
|
||||
node_config = optional(object({
|
||||
min_node_count = optional(number)
|
||||
max_node_count = optional(number)
|
||||
}))
|
||||
iam = optional(map(list(string)))
|
||||
envgroups = list(string)
|
||||
}))
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "instances" {
|
||||
description = "Instances."
|
||||
type = map(object({
|
||||
display_name = optional(string)
|
||||
description = optional(string, "Terraform-managed")
|
||||
region = string
|
||||
environments = list(string)
|
||||
runtime_ip_cidr_range = string
|
||||
troubleshooting_ip_cidr_range = string
|
||||
disk_encryption_key = optional(string)
|
||||
consumer_accept_list = optional(list(string))
|
||||
}))
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "organization" {
|
||||
description = "Apigee organization. If set to null the organization must already exist."
|
||||
type = object({
|
||||
display_name = optional(string)
|
||||
description = optional(string, "Terraform-managed")
|
||||
authorized_network = optional(string)
|
||||
runtime_type = optional(string, "CLOUD")
|
||||
billing_type = optional(string)
|
||||
database_encryption_key = optional(string)
|
||||
analytics_region = optional(string, "europe-west1")
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Project ID."
|
||||
type = string
|
||||
}
|
|
@ -0,0 +1,26 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
google_apigee_instance.instances["instance-test-ew1"]:
|
||||
ip_range: 10.0.4.0/22,10.1.1.0.0/28
|
||||
location: europe-west1
|
||||
name: instance-test-ew1
|
||||
org_id: organizations/my-project
|
||||
google_apigee_instance_attachment.instance_attachments["instance-test-ew1-apis-test"]:
|
||||
environment: organizations/my-project/environments/apis-test
|
||||
|
||||
counts:
|
||||
google_apigee_instance: 1
|
||||
google_apigee_instance_attachment: 1
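Review bot: The expected `ip_range` for `instance-test-ew1` is `10.0.4.0/22,10.1.1.0.0/28`, and the second range has five octets, so it is not a valid CIDR. The all-resources inventory added in this same commit expects `10.0.4.0/22,10.1.0.0/28` for the same instance, which points to a typo in the example this file was generated from (presumably its troubleshooting range input, which is not visible here). The plan-only test compares the value as a string, so the malformed range passes here and would only fail at apply time. Fix the example input and regenerate so the line reads `ip_range: 10.0.4.0/22,10.1.0.0/28`.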
|
|
@ -0,0 +1,51 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
google_apigee_envgroup.envgroups["prod"]:
|
||||
hostnames:
|
||||
- prod.example.com
|
||||
name: prod
|
||||
google_apigee_envgroup.envgroups["test"]:
|
||||
hostnames:
|
||||
- test.example.com
|
||||
name: test
|
||||
google_apigee_envgroup_attachment.envgroup_attachments["apis-prod-prod"]:
|
||||
environment: apis-prod
|
||||
google_apigee_envgroup_attachment.envgroup_attachments["apis-test-test"]:
|
||||
environment: apis-test
|
||||
google_apigee_environment.environments["apis-prod"]:
|
||||
description: APIs prod
|
||||
display_name: APIs prod
|
||||
name: apis-prod
|
||||
google_apigee_environment.environments["apis-test"]:
|
||||
description: APIs Test
|
||||
display_name: APIs test
|
||||
name: apis-test
|
||||
google_apigee_organization.organization[0]:
|
||||
analytics_region: europe-west1
|
||||
authorized_network: my-vpc
|
||||
billing_type: PAYG
|
||||
description: null
|
||||
display_name: null
|
||||
project_id: my-project
|
||||
retention: DELETION_RETENTION_UNSPECIFIED
|
||||
runtime_database_encryption_key_name: '123456789'
|
||||
runtime_type: CLOUD
|
||||
|
||||
counts:
|
||||
google_apigee_envgroup: 2
|
||||
google_apigee_envgroup_attachment: 2
|
||||
google_apigee_environment: 2
|
||||
google_apigee_organization: 1
|
|
@ -0,0 +1,28 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
google_apigee_organization.organization[0]:
|
||||
analytics_region: europe-west1
|
||||
authorized_network: my-vpc
|
||||
billing_type: PAYG
|
||||
description: null
|
||||
display_name: null
|
||||
project_id: my-project
|
||||
retention: DELETION_RETENTION_UNSPECIFIED
|
||||
runtime_database_encryption_key_name: '123456789'
|
||||
runtime_type: CLOUD
|
||||
|
||||
counts:
|
||||
google_apigee_organization: 1
|
|
@ -1,95 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import collections
|
||||
|
||||
def test_all(plan_runner):
|
||||
"Test that creates all resources."
|
||||
_, resources = plan_runner(tf_var_file='test.all.tfvars')
|
||||
counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
|
||||
assert counts == {
|
||||
'google_apigee_organization.organization': 1,
|
||||
'google_apigee_envgroup.envgroups': 2,
|
||||
'google_apigee_environment.environments': 2,
|
||||
'google_apigee_envgroup_attachment.envgroup_attachments': 2,
|
||||
'google_apigee_instance.instances': 2,
|
||||
'google_apigee_instance_attachment.instance_attachments': 2,
|
||||
'google_apigee_endpoint_attachment.endpoint_attachments': 2,
|
||||
'google_apigee_environment_iam_binding.binding': 1
|
||||
}
|
||||
|
||||
def test_organization_only(plan_runner):
|
||||
"Test that creates only an organization."
|
||||
_, resources = plan_runner(tf_var_file='test.organization_only.tfvars')
|
||||
counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
|
||||
assert counts == {
|
||||
'google_apigee_organization.organization': 1
|
||||
}
|
||||
|
||||
def test_envgroup_only(plan_runner):
|
||||
"Test that creates only an environment group in an existing organization."
|
||||
_, resources = plan_runner(tf_var_file='test.envgroup_only.tfvars')
|
||||
counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
|
||||
assert counts == {
|
||||
'google_apigee_envgroup.envgroups': 1,
|
||||
}
|
||||
|
||||
def test_env_only(plan_runner):
|
||||
"Test that creates an environment in an existing environment group."
|
||||
_, resources = plan_runner(tf_var_file='test.env_only.tfvars')
|
||||
counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
|
||||
assert counts == {
|
||||
'google_apigee_environment.environments': 1,
|
||||
'google_apigee_envgroup_attachment.envgroup_attachments': 1,
|
||||
}
|
||||
|
||||
def test_env_only_with_deployment_type(plan_runner):
|
||||
"Test that creates an environment in an existing environment group, with deployment_type set."
|
||||
_, resources = plan_runner(tf_var_file='test.env_only_with_deployment_type.tfvars')
|
||||
assert [r['values'].get('deployment_type') for r in resources
|
||||
] == [None, 'ARCHIVE']
|
||||
|
||||
def test_env_only_with_api_proxy_type(plan_runner):
|
||||
"Test that creates an environment in an existing environment group, with api_proxy_type set."
|
||||
_, resources = plan_runner(tf_var_file='test.env_only_with_api_proxy_type.tfvars')
|
||||
assert [r['values'].get('api_proxy_type') for r in resources
|
||||
] == [None, 'PROGRAMMABLE']
|
||||
|
||||
def test_instance_only(plan_runner):
|
||||
"Test that creates only an instance."
|
||||
_, resources = plan_runner(tf_var_file='test.instance_only.tfvars')
|
||||
counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
|
||||
assert counts == {
|
||||
'google_apigee_instance.instances': 1,
|
||||
'google_apigee_instance_attachment.instance_attachments': 1
|
||||
}
|
||||
|
||||
def test_endpoint_attachment_only(plan_runner):
|
||||
"Test that creates only an instance."
|
||||
_, resources = plan_runner(tf_var_file='test.endpoint_attachment_only.tfvars')
|
||||
counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
|
||||
assert counts == {
|
||||
'google_apigee_endpoint_attachment.endpoint_attachments': 1,
|
||||
}
|
||||
|
||||
def test_no_instances(plan_runner):
|
||||
"Test that creates everything but the instances."
|
||||
_, resources = plan_runner(tf_var_file='test.no_instances.tfvars')
|
||||
counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
|
||||
assert counts == {
|
||||
'google_apigee_organization.organization': 1,
|
||||
'google_apigee_envgroup.envgroups': 2,
|
||||
'google_apigee_environment.environments': 2,
|
||||
'google_apigee_envgroup_attachment.envgroup_attachments': 2,
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -12,13 +12,15 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import pytest
|
||||
module: modules/apigee
|
||||
|
||||
@pytest.fixture
|
||||
def resources(plan_runner):
|
||||
_, resources = plan_runner()
|
||||
return resources
|
||||
|
||||
def test_resource_count(resources):
|
||||
"Test number of resources created."
|
||||
assert len(resources) == 4
|
||||
tests:
|
||||
all:
|
||||
endpoint_attachment_only:
|
||||
env_only:
|
||||
env_only_with_api_proxy_type:
|
||||
env_only_with_deployment_type:
|
||||
envgroup_only:
|
||||
instance_only:
|
||||
no_instances:
|
||||
organization_only:
|
|
@ -1,13 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
|
@ -0,0 +1,29 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.bigquery-dataset.google_bigquery_dataset.default:
|
||||
dataset_id: my-dataset
|
||||
project: my-project
|
||||
module.bigquery-dataset.google_bigquery_dataset_iam_binding.bindings["roles/bigquery.dataOwner"]:
|
||||
condition: []
|
||||
dataset_id: my-dataset
|
||||
members:
|
||||
- user:user1@example.org
|
||||
project: my-project
|
||||
role: roles/bigquery.dataOwner
|
||||
|
||||
counts:
|
||||
google_bigquery_dataset: 1
|
||||
google_bigquery_dataset_iam_binding: 1
|
|
@ -0,0 +1,25 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.bigquery-dataset.google_bigquery_dataset.default:
|
||||
dataset_id: my-dataset
|
||||
default_partition_expiration_ms: null
|
||||
default_table_expiration_ms: 3600000
|
||||
delete_contents_on_destroy: false
|
||||
location: EU
|
||||
project: my-project
|
||||
|
||||
counts:
|
||||
google_bigquery_dataset: 1
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -12,14 +12,17 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
def test_resources(plan_runner):
|
||||
"Test module resources."
|
||||
_, resources = plan_runner()
|
||||
assert sorted(r['type'] for r in resources) == [
|
||||
'google_kms_crypto_key',
|
||||
'google_kms_crypto_key',
|
||||
'google_kms_crypto_key',
|
||||
'google_kms_crypto_key_iam_binding',
|
||||
'google_kms_key_ring',
|
||||
'google_kms_key_ring_iam_binding'
|
||||
]
|
||||
values:
|
||||
module.bigquery-dataset.google_bigquery_dataset.default:
|
||||
dataset_id: my-dataset
|
||||
location: EU
|
||||
project: my-project
|
||||
module.bigquery-dataset.google_bigquery_table.default["table_a"]:
|
||||
time_partitioning:
|
||||
- field: null
|
||||
require_partition_filter: null
|
||||
type: DAY
|
||||
|
||||
counts:
|
||||
google_bigquery_dataset: 1
|
||||
google_bigquery_table: 1
|
|
@ -0,0 +1,46 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.bigquery-dataset.google_bigquery_dataset.default:
|
||||
dataset_id: my-dataset
|
||||
description: Terraform managed.
|
||||
location: EU
|
||||
project: my-project
|
||||
module.bigquery-dataset.google_bigquery_dataset_access.group_by_email["reader-group"]:
|
||||
dataset_id: my-dataset
|
||||
group_by_email: playground-test@ludomagno.net
|
||||
project: my-project
|
||||
role: READER
|
||||
module.bigquery-dataset.google_bigquery_dataset_access.special_group["project_owners"]:
|
||||
dataset_id: my-dataset
|
||||
project: my-project
|
||||
role: OWNER
|
||||
special_group: projectOwners
|
||||
module.bigquery-dataset.google_bigquery_dataset_access.user_by_email["owner"]:
|
||||
dataset_id: my-dataset
|
||||
project: my-project
|
||||
role: OWNER
|
||||
user_by_email: ludo@ludomagno.net
|
||||
module.bigquery-dataset.google_bigquery_dataset_access.views["view_1"]:
|
||||
dataset_id: my-dataset
|
||||
project: my-project
|
||||
view:
|
||||
- dataset_id: my-dataset
|
||||
project_id: my-project
|
||||
table_id: my-table
|
||||
|
||||
counts:
|
||||
google_bigquery_dataset: 1
|
||||
google_bigquery_dataset_access: 4
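Review bot: The `group_by_email` and `user_by_email` values in this inventory (`playground-test@ludomagno.net`, `ludo@ludomagno.net`) look like real addresses on a personal domain, while the IAM-binding inventory earlier in this commit uses the reserved `user:user1@example.org`. Fixtures that name real principals tend to be copied into working configurations, where the grant would land on an identity outside the organisation. I would use reserved-domain values instead, e.g. `group_by_email: playground-test@example.org` and `user_by_email: owner@example.org`. These inventories appear to mirror a module example that is not visible here, so the same change would presumably be needed there.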
|
|
@ -0,0 +1,39 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.bigquery-dataset.google_bigquery_dataset.default:
|
||||
dataset_id: my_dataset
|
||||
project: my-project
|
||||
module.bigquery-dataset.google_bigquery_table.default["countries"]:
|
||||
clustering: null
|
||||
dataset_id: my_dataset
|
||||
deletion_protection: true
|
||||
description: Terraform managed.
|
||||
friendly_name: Countries
|
||||
materialized_view: []
|
||||
project: my-project
|
||||
range_partitioning: []
|
||||
schema: '[{"name":"country","type":"STRING"},{"name":"population","type":"INT64"}]'
|
||||
table_id: countries
|
||||
time_partitioning: []
|
||||
view: []
|
||||
|
||||
counts:
|
||||
google_bigquery_dataset: 1
|
||||
google_bigquery_table: 1
|
||||
modules: 1
|
||||
resources: 2
|
||||
|
||||
outputs: {}
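Review bot: This inventory carries `modules: 1` and `resources: 2` under `counts`, a top-level `outputs: {}`, and defaulted attributes such as `materialized_view: []`, `range_partitioning: []` and `view: []`, whereas the sibling inventories in this commit keep only per-type counts and the attributes under test. It reads like unedited summary output, which makes the test sensitive to provider default changes unrelated to the example. I would trim it to the attributes the example sets (`schema`, `friendly_name`, `deletion_protection`, `table_id`) and drop the `modules`/`resources`/`outputs` entries, unless those are checked deliberately.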
|
|
@ -0,0 +1,35 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.bigquery-dataset.google_bigquery_dataset.default:
|
||||
dataset_id: my_dataset
|
||||
location: EU
|
||||
project: my-project
|
||||
module.bigquery-dataset.google_bigquery_table.default["countries"]:
|
||||
dataset_id: my_dataset
|
||||
friendly_name: Countries
|
||||
module.bigquery-dataset.google_bigquery_table.views["population"]:
|
||||
dataset_id: my_dataset
|
||||
deletion_protection: true
|
||||
friendly_name: Population
|
||||
project: my-project
|
||||
table_id: population
|
||||
view:
|
||||
- query: SELECT SUM(population) FROM my_dataset.countries
|
||||
use_legacy_sql: false
|
||||
|
||||
counts:
|
||||
google_bigquery_dataset: 1
|
||||
google_bigquery_table: 2
|
|
@ -1,21 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
module "test" {
|
||||
source = "../../../../modules/bigquery-dataset"
|
||||
project_id = "my-project"
|
||||
id = "test"
|
||||
}
|
|
@ -1,13 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
|
@ -0,0 +1,58 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.budget.google_billing_budget.budget:
|
||||
all_updates_rule:
|
||||
- disable_default_iam_recipients: false
|
||||
pubsub_topic: null
|
||||
schema_version: '1.0'
|
||||
amount:
|
||||
- last_period_amount: null
|
||||
specified_amount:
|
||||
- nanos: null
|
||||
units: '100'
|
||||
billing_account: 123456-123456-123456
|
||||
budget_filter:
|
||||
- calendar_period: null
|
||||
credit_types_treatment: INCLUDE_ALL_CREDITS
|
||||
custom_period: []
|
||||
projects:
|
||||
- projects/123456789000
|
||||
- projects/123456789111
|
||||
display_name: $100 budget
|
||||
threshold_rules:
|
||||
- spend_basis: CURRENT_SPEND
|
||||
threshold_percent: 0.5
|
||||
- spend_basis: CURRENT_SPEND
|
||||
threshold_percent: 0.75
|
||||
- spend_basis: CURRENT_SPEND
|
||||
threshold_percent: 1
|
||||
- spend_basis: FORECASTED_SPEND
|
||||
threshold_percent: 1
|
||||
module.budget.google_monitoring_notification_channel.email_channels["user@example.com"]:
|
||||
description: null
|
||||
display_name: $100 budget budget email notification (user@example.com)
|
||||
enabled: true
|
||||
force_delete: false
|
||||
labels:
|
||||
email_address: user@example.com
|
||||
project: my-project
|
||||
sensitive_labels: []
|
||||
type: email
|
||||
user_labels: null
|
||||
|
||||
counts:
|
||||
google_billing_budget: 1
|
||||
google_monitoring_notification_channel: 1
|
|
@ -0,0 +1,39 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.budget.google_billing_budget.budget:
|
||||
all_updates_rule:
|
||||
- disable_default_iam_recipients: false
|
||||
monitoring_notification_channels: []
|
||||
pubsub_topic: projects/project-id/topics/budget-topic
|
||||
schema_version: '1.0'
|
||||
amount:
|
||||
- last_period_amount: true
|
||||
specified_amount: []
|
||||
billing_account: 123456-123456-123456
|
||||
budget_filter:
|
||||
- calendar_period: null
|
||||
credit_types_treatment: INCLUDE_ALL_CREDITS
|
||||
custom_period: []
|
||||
projects: null
|
||||
display_name: previous period budget
|
||||
threshold_rules:
|
||||
- spend_basis: CURRENT_SPEND
|
||||
threshold_percent: 1
|
||||
timeouts: null
|
||||
|
||||
counts:
|
||||
google_billing_budget: 1
|
||||
google_pubsub_topic: 1
|
|
@ -1,30 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
module "budget" {
|
||||
source = "../../../../modules/billing-budget"
|
||||
billing_account = "123456-123456-123456"
|
||||
name = "my budget"
|
||||
projects = var.projects
|
||||
services = var.services
|
||||
notify_default_recipients = var.notify_default_recipients
|
||||
amount = var.amount
|
||||
credit_treatment = var.credit_treatment
|
||||
pubsub_topic = var.pubsub_topic
|
||||
notification_channels = var.notification_channels
|
||||
thresholds = var.thresholds
|
||||
email_recipients = var.email_recipients
|
||||
}
|
|
@ -1,69 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "amount" {
|
||||
type = number
|
||||
default = 0
|
||||
}
|
||||
|
||||
variable "credit_treatment" {
|
||||
type = string
|
||||
default = "INCLUDE_ALL_CREDITS"
|
||||
}
|
||||
|
||||
variable "email_recipients" {
|
||||
type = object({
|
||||
project_id = string
|
||||
emails = list(string)
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "notification_channels" {
|
||||
type = list(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "notify_default_recipients" {
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "projects" {
|
||||
type = list(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "pubsub_topic" {
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "services" {
|
||||
type = list(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "thresholds" {
|
||||
type = object({
|
||||
current = list(number)
|
||||
forecasted = list(number)
|
||||
})
|
||||
default = {
|
||||
current = [0.5, 1.0]
|
||||
forecasted = [1.0]
|
||||
}
|
||||
}
|
|
@ -1,63 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
def test_pubsub(plan_runner):
|
||||
"Test number of resources created."
|
||||
_, resources = plan_runner(pubsub_topic='topic')
|
||||
assert len(resources) == 1
|
||||
resource = resources[0]
|
||||
assert resource['values']['all_updates_rule'] == [
|
||||
{'disable_default_iam_recipients': False,
|
||||
'monitoring_notification_channels': [],
|
||||
'pubsub_topic': 'topic',
|
||||
'schema_version': '1.0'}
|
||||
]
|
||||
|
||||
|
||||
def test_channel(plan_runner):
|
||||
_, resources = plan_runner(notification_channels='["channel"]')
|
||||
assert len(resources) == 1
|
||||
resource = resources[0]
|
||||
assert resource['values']['all_updates_rule'] == [
|
||||
{'disable_default_iam_recipients': True,
|
||||
'monitoring_notification_channels': ['channel'],
|
||||
'pubsub_topic': None,
|
||||
'schema_version': '1.0'}
|
||||
]
|
||||
|
||||
|
||||
def test_emails(plan_runner):
|
||||
email_recipients = '{project_id = "project", emails = ["a@b.com", "c@d.com"]}'
|
||||
_, resources = plan_runner(email_recipients=email_recipients)
|
||||
assert len(resources) == 3
|
||||
|
||||
|
||||
def test_absolute_amount(plan_runner):
|
||||
"Test absolute amount budget."
|
||||
_, resources = plan_runner(pubsub_topic='topic', amount="100")
|
||||
assert len(resources) == 1
|
||||
resource = resources[0]
|
||||
|
||||
amount = resource['values']['amount'][0]
|
||||
assert amount['last_period_amount'] is None
|
||||
assert amount['specified_amount'] == [{'nanos': None, 'units': '100'}]
|
||||
|
||||
assert resource['values']['threshold_rules'] == [
|
||||
{'spend_basis': 'CURRENT_SPEND',
|
||||
'threshold_percent': 0.5},
|
||||
{'spend_basis': 'CURRENT_SPEND',
|
||||
'threshold_percent': 1},
|
||||
{'spend_basis': 'FORECASTED_SPEND',
|
||||
'threshold_percent': 1}
|
||||
]
|
|
@ -1,13 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
|
@ -1,23 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
module "test" {
|
||||
source = "../../../../modules/binauthz"
|
||||
project_id = var.project_id
|
||||
global_policy_evaluation_mode = var.global_policy_evaluation_mode
|
||||
default_admission_rule = var.default_admission_rule
|
||||
attestors_config = var.attestors_config
|
||||
}
|
|
@ -1,103 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "project_id" {
|
||||
type = string
|
||||
default = "my_project"
|
||||
}
|
||||
|
||||
variable "global_policy_evaluation_mode" {
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "admission_whitelist_patterns" {
|
||||
type = list(string)
|
||||
default = [
|
||||
"gcr.io/google_containers/*"
|
||||
]
|
||||
}
|
||||
|
||||
variable "default_admission_rule" {
|
||||
type = object({
|
||||
evaluation_mode = string
|
||||
enforcement_mode = string
|
||||
attestors = list(string)
|
||||
})
|
||||
default = {
|
||||
evaluation_mode = "ALWAYS_ALLOW"
|
||||
enforcement_mode = "ENFORCED_BLOCK_AND_AUDIT_LOG"
|
||||
attestors = null
|
||||
}
|
||||
}
|
||||
|
||||
variable "cluster_admission_rules" {
|
||||
type = map(object({
|
||||
evaluation_mode = string
|
||||
enforcement_mode = string
|
||||
attestors = list(string)
|
||||
}))
|
||||
default = {
|
||||
"europe-west1-c.cluster" = {
|
||||
evaluation_mode = "REQUIRE_ATTESTATION"
|
||||
enforcement_mode = "ENFORCED_BLOCK_AND_AUDIT_LOG"
|
||||
attestors = ["test"]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
variable "attestors_config" {
|
||||
description = "Attestors configuration"
|
||||
type = map(object({
|
||||
note_reference = string
|
||||
iam = map(list(string))
|
||||
pgp_public_keys = list(string)
|
||||
pkix_public_keys = list(object({
|
||||
id = string
|
||||
public_key_pem = string
|
||||
signature_algorithm = string
|
||||
}))
|
||||
}))
|
||||
default = {
|
||||
"test" : {
|
||||
note_reference = null
|
||||
pgp_public_keys = [
|
||||
<<EOT
|
||||
mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl
|
||||
bB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0
|
||||
oR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6
|
||||
V39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD
|
||||
Mpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX
|
||||
83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y
|
||||
IiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L
|
||||
uY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6
|
||||
0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC
|
||||
51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U
|
||||
WTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h
|
||||
MAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l
|
||||
+OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1
|
||||
qoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg
|
||||
=6Bvm
|
||||
EOT
|
||||
]
|
||||
pkix_public_keys = null
|
||||
iam = {
|
||||
"roles/viewer" = ["user:user1@my_org.com"]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
project_id = "my-project"
|
||||
name = "test"
|
||||
bucket_name = "mybucket"
|
||||
bundle_config = {
|
||||
source_dir = "../../tests/modules/cloud_function/bundle"
|
||||
output_path = "bundle.zip"
|
||||
excludes = null
|
||||
}
|
||||
iam = {
|
||||
"roles/cloudfunctions.invoker" = ["allUsers"]
|
||||
}
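Review bot: The `iam` map grants `roles/cloudfunctions.invoker` to `allUsers`, which on a deployed function allows unauthenticated invocation, and nothing in the file marks this as test-only input. The same grant is repeated in the next variables file and asserted by `test_iam` further down. As plan-only test input it presumably never gets applied, but a comment above the block would keep it from being reused as a template, for example `# public invoker is plan-test input only; do not copy into a real deployment`.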
|
|
@ -0,0 +1,12 @@
|
|||
project_id = "my-project"
|
||||
name = "test"
|
||||
bucket_name = var.bucket_name
|
||||
v2 = var.v2
|
||||
bundle_config = {
|
||||
source_dir = "bundle"
|
||||
output_path = "bundle.zip"
|
||||
excludes = null
|
||||
}
|
||||
iam = {
|
||||
"roles/cloudfunctions.invoker" = ["allUsers"]
|
||||
}
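Review bot: `bucket_name = var.bucket_name` and `v2 = var.v2` are variable references, and if this new file is a variable-definitions file Terraform will reject them, because values there must be literals. The file header is not visible on this page, but the bare top-level assignments match the `.tfvars` file just before it. The `resources` fixture below loads only `common.tfvars` and passes `v2` separately, so these two lines look like leftovers from a module block. I would drop `v2 = var.v2` and use a literal such as `bucket_name = "mybucket"`, or remove the file if nothing references it.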
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -16,29 +16,28 @@ import pytest
|
|||
|
||||
|
||||
@pytest.fixture
|
||||
def resources(plan_runner, version):
|
||||
def resources(plan_summary, version):
|
||||
# convert `version` to a boolean suitable for the `v2` variable
|
||||
v2 = {'v1': 'false', 'v2': 'true'}[version]
|
||||
_, resources = plan_runner(v2=v2)
|
||||
return resources
|
||||
summary = plan_summary('modules/cloud-function',
|
||||
tf_var_files=['common.tfvars'], v2=v2)
|
||||
return summary
|
||||
|
||||
|
||||
@pytest.mark.parametrize('version', ['v1', 'v2'])
|
||||
def test_resource_count(resources):
|
||||
"Test number of resources created."
|
||||
assert len(resources) == 3
|
||||
assert resources.counts['resources'] == 3
|
||||
|
||||
|
||||
@pytest.mark.parametrize('version', ['v1', 'v2'])
|
||||
def test_iam(resources, version):
|
||||
"Test IAM binding resources."
|
||||
|
||||
types = {
|
||||
type = {
|
||||
'v1': 'google_cloudfunctions_function_iam_binding',
|
||||
'v2': 'google_cloudfunctions2_function_iam_binding'
|
||||
}
|
||||
|
||||
bindings = [r['values'] for r in resources if r['type'] == types[version]]
|
||||
assert len(bindings) == 1
|
||||
assert bindings[0]['role'] == 'roles/cloudfunctions.invoker'
|
||||
assert bindings[0]['members'] == ['allUsers']
|
||||
}[version]
|
||||
key = f'{type}.default["roles/cloudfunctions.invoker"]'
|
||||
binding = resources.values[key]
|
||||
assert binding['role'] == 'roles/cloudfunctions.invoker'
|
||||
assert binding['members'] == ['allUsers']
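Review bot: In the rewritten `test_iam` the local name `type` shadows the builtin, and the `resources` fixture now returns a plan summary rather than a list of resources, so both names mislead the reader. The page has lost its +/- markers, so this takes the `plan_summary` lines as the new side. I would rename the local to `resource_type`, giving `key = f'{resource_type}.default["roles/cloudfunctions.invoker"]'`, and rename the fixture to `summary` so that `summary.counts['resources']` and `summary.values[key]` read naturally. A one-line comment on the `['allUsers']` assertion saying the public grant is fixture input would also help.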
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
|
@ -0,0 +1,37 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.nginx-mig.google_compute_autoscaler.default[0]:
|
||||
autoscaling_policy:
|
||||
- cooldown_period: 30
|
||||
cpu_utilization:
|
||||
- predictive_method: NONE
|
||||
target: 0.65
|
||||
load_balancing_utilization: []
|
||||
max_replicas: 3
|
||||
metric: []
|
||||
min_replicas: 1
|
||||
mode: 'ON'
|
||||
scale_in_control: []
|
||||
scaling_schedules: []
|
||||
name: mig-test
|
||||
project: my-project
|
||||
timeouts: null
|
||||
zone: europe-west1-b
|
||||
|
||||
counts:
|
||||
google_compute_autoscaler: 1
|
||||
google_compute_instance_group_manager: 1
|
||||
google_compute_instance_template: 1
|
|
@ -0,0 +1,43 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.nginx-mig.google_compute_health_check.default[0]:
|
||||
check_interval_sec: 5
|
||||
grpc_health_check: []
|
||||
healthy_threshold: 2
|
||||
http2_health_check: []
|
||||
http_health_check:
|
||||
- host: null
|
||||
port: 80
|
||||
port_name: null
|
||||
port_specification: null
|
||||
proxy_header: NONE
|
||||
request_path: /
|
||||
response: null
|
||||
https_health_check: []
|
||||
log_config:
|
||||
- enable: true
|
||||
name: mig-test
|
||||
project: my-project
|
||||
ssl_health_check: []
|
||||
tcp_health_check: []
|
||||
timeout_sec: 5
|
||||
timeouts: null
|
||||
unhealthy_threshold: 2
|
||||
|
||||
counts:
|
||||
google_compute_health_check: 1
|
||||
google_compute_instance_group_manager: 1
|
||||
google_compute_instance_template: 1
|
|
@ -0,0 +1,25 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.nginx-mig.google_compute_instance_group_manager.default[0]:
|
||||
base_instance_name: mig-test
|
||||
name: mig-test
|
||||
project: my-project
|
||||
target_size: 2
|
||||
zone: europe-west1-b
|
||||
|
||||
counts:
|
||||
google_compute_instance_group_manager: 1
|
||||
google_compute_instance_template: 1
|
|
@ -0,0 +1,37 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.nginx-mig.google_compute_per_instance_config.default["instance-1"]:
|
||||
minimal_action: NONE
|
||||
most_disruptive_allowed_action: REPLACE
|
||||
name: instance-1
|
||||
preserved_state:
|
||||
- disk:
|
||||
- delete_rule: NEVER
|
||||
device_name: persistent-disk-1
|
||||
mode: READ_WRITE
|
||||
source: test-disk
|
||||
metadata:
|
||||
foo: bar
|
||||
project: my-project
|
||||
remove_instance_state_on_destroy: false
|
||||
timeouts: null
|
||||
zone: europe-west1-b
|
||||
|
||||
counts:
|
||||
google_compute_autoscaler: 1
|
||||
google_compute_instance_group_manager: 1
|
||||
google_compute_instance_template: 1
|
||||
google_compute_per_instance_config: 1
|
|
@ -1,41 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
# Used in stateful disk test
|
||||
resource "google_compute_disk" "default" {
|
||||
name = "test-disk"
|
||||
type = "pd-ssd"
|
||||
zone = "europe-west1-c"
|
||||
image = "debian-9-stretch-v20200805"
|
||||
physical_block_size_bytes = 4096
|
||||
}
|
||||
|
||||
module "test" {
|
||||
source = "../../../../modules/compute-mig"
|
||||
project_id = "my-project"
|
||||
name = "test-mig"
|
||||
target_size = 2
|
||||
default_version_name = "foo"
|
||||
instance_template = "foo-template"
|
||||
location = var.location
|
||||
autoscaler_config = var.autoscaler_config
|
||||
health_check_config = var.health_check_config
|
||||
named_ports = var.named_ports
|
||||
stateful_config = var.stateful_config
|
||||
stateful_disks = var.stateful_disks
|
||||
update_policy = var.update_policy
|
||||
versions = var.versions
|
||||
}
|
|
@ -1,95 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "all_instances_config" {
|
||||
type = any
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "auto_healing_policies" {
|
||||
type = any
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "autoscaler_config" {
|
||||
type = any
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "default_version_name" {
|
||||
type = any
|
||||
default = "default"
|
||||
}
|
||||
|
||||
variable "description" {
|
||||
type = any
|
||||
default = "Terraform managed."
|
||||
}
|
||||
|
||||
variable "distribution_policy" {
|
||||
type = any
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "health_check_config" {
|
||||
type = any
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "location" {
|
||||
type = any
|
||||
default = "europe-west1-b"
|
||||
}
|
||||
|
||||
variable "named_ports" {
|
||||
type = any
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "stateful_disks" {
|
||||
type = any
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "stateful_config" {
|
||||
type = any
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "target_pools" {
|
||||
type = any
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "target_size" {
|
||||
type = any
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "update_policy" {
|
||||
type = any
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "versions" {
|
||||
type = any
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "wait_for_instances" {
|
||||
type = any
|
||||
default = null
|
||||
}
|
|
@ -1,134 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
|
||||
def test_defaults(plan_runner):
|
||||
"Test variable defaults."
|
||||
_, resources = plan_runner()
|
||||
assert len(resources) == 1
|
||||
print(resources[0]['type'])
|
||||
mig = resources[0]
|
||||
assert mig['type'] == 'google_compute_instance_group_manager'
|
||||
assert mig['values']['target_size'] == 2
|
||||
assert mig['values']['zone']
|
||||
_, resources = plan_runner(location='"europe-west1"')
|
||||
assert len(resources) == 1
|
||||
mig = resources[0]
|
||||
assert mig['type'] == 'google_compute_region_instance_group_manager'
|
||||
assert mig['values']['target_size'] == 2
|
||||
assert mig['values']['region']
|
||||
|
||||
|
||||
def test_health_check(plan_runner):
|
||||
"Test health check resource."
|
||||
health_check_config = '''{
|
||||
enable_logging = true
|
||||
tcp = {
|
||||
port = 80
|
||||
}
|
||||
}'''
|
||||
_, resources = plan_runner(health_check_config=health_check_config)
|
||||
assert len(resources) == 2
|
||||
assert any(r['type'] == 'google_compute_health_check' for r in resources)
|
||||
|
||||
|
||||
def test_autoscaler(plan_runner):
|
||||
"Test autoscaler resource."
|
||||
autoscaler_config = '''{
|
||||
colldown_period = 60
|
||||
max_replicas = 3
|
||||
min_replicas = 1
|
||||
scaling_signals = {
|
||||
cpu_utilization = {
|
||||
target = 65
|
||||
}
|
||||
}
|
||||
}'''
|
||||
_, resources = plan_runner(autoscaler_config=autoscaler_config)
|
||||
assert len(resources) == 2
|
||||
autoscaler = resources[0]
|
||||
assert autoscaler['type'] == 'google_compute_autoscaler'
|
||||
assert autoscaler['values']['autoscaling_policy'] == [{
|
||||
'cooldown_period': 60,
|
||||
'cpu_utilization': [{
|
||||
'predictive_method': 'NONE',
|
||||
'target': 65
|
||||
}],
|
||||
'load_balancing_utilization': [],
|
||||
'max_replicas': 3,
|
||||
'metric': [],
|
||||
'min_replicas': 1,
|
||||
'mode': 'ON',
|
||||
'scale_in_control': [],
|
||||
'scaling_schedules': [],
|
||||
}]
|
||||
_, resources = plan_runner(autoscaler_config=autoscaler_config,
|
||||
location='"europe-west1"')
|
||||
assert len(resources) == 2
|
||||
autoscaler = resources[0]
|
||||
assert autoscaler['type'] == 'google_compute_region_autoscaler'
|
||||
|
||||
|
||||
def test_stateful_mig(plan_runner):
|
||||
"Test stateful instances - mig."
|
||||
|
||||
stateful_disks = '''{
|
||||
persistent-disk-1 = false
|
||||
}'''
|
||||
_, resources = plan_runner(stateful_disks=stateful_disks)
|
||||
assert len(resources) == 1
|
||||
statefuldisk = resources[0]
|
||||
assert statefuldisk['type'] == 'google_compute_instance_group_manager'
|
||||
assert statefuldisk['values']['stateful_disk'] == [{
|
||||
'device_name': 'persistent-disk-1',
|
||||
'delete_rule': 'NEVER',
|
||||
}]
|
||||
|
||||
|
||||
def test_stateful_instance(plan_runner):
|
||||
"Test stateful instances - instance."
|
||||
stateful_config = '''{
|
||||
instance-1 = {
|
||||
most_disruptive_action = "REPLACE",
|
||||
preserved_state = {
|
||||
disks = {
|
||||
persistent-disk-1 = {
|
||||
source = "test-disk"
|
||||
}
|
||||
}
|
||||
metadata = { foo = "bar" }
|
||||
}
|
||||
}
|
||||
}'''
|
||||
_, resources = plan_runner(stateful_config=stateful_config)
|
||||
assert len(resources) == 2
|
||||
instanceconfig = resources[0]
|
||||
assert instanceconfig['type'] == 'google_compute_instance_group_manager'
|
||||
instanceconfig = resources[1]
|
||||
assert instanceconfig['type'] == 'google_compute_per_instance_config'
|
||||
|
||||
assert instanceconfig['values']['preserved_state'] == [{
|
||||
'disk': [{
|
||||
'device_name': 'persistent-disk-1',
|
||||
'delete_rule': 'NEVER',
|
||||
'source': 'test-disk',
|
||||
'mode': 'READ_WRITE',
|
||||
}],
|
||||
'metadata': {
|
||||
'foo': 'bar'
|
||||
}
|
||||
}]
|
||||
assert instanceconfig['values']['minimal_action'] == 'NONE'
|
||||
assert instanceconfig['values']['most_disruptive_allowed_action'] == 'REPLACE'
|
||||
assert instanceconfig['values']['remove_instance_state_on_destroy'] == False
|
|
@ -0,0 +1,38 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.cluster-1.google_container_cluster.cluster:
|
||||
location: europe-west1
|
||||
name: cluster-1
|
||||
|
||||
module.cluster-1.google_gke_backup_backup_plan.backup_plan["backup-1"]:
|
||||
backup_config:
|
||||
- all_namespaces: true
|
||||
encryption_key: []
|
||||
include_secrets: true
|
||||
include_volume_data: true
|
||||
selected_applications: []
|
||||
selected_namespaces: []
|
||||
backup_schedule:
|
||||
- cron_schedule: 0 9 * * 1
|
||||
location: europe-west-2
|
||||
name: backup-1
|
||||
project: project-id
|
||||
retention_policy:
|
||||
- locked: false
|
||||
|
||||
counts:
|
||||
google_container_cluster: 1
|
||||
google_gke_backup_backup_plan: 1
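Review bot: The expected `backup_config` pins `include_secrets: true` next to `encryption_key: []`, so the configuration under test backs up Kubernetes Secrets with no customer-managed key set. If that configuration is meant as a reference, it would be worth setting an encryption key there or adding a comment above `include_secrets` such as `# secrets are backed up without a CMEK key here; set encryption_key for real clusters`. The plan's `location: europe-west-2` does not match GCP region naming (the cluster entry in the same file uses `europe-west1`), and a plan-only test will not catch it; `location: europe-west2` is presumably what was intended. `cron_schedule: 0 9 * * 1` parses as a string as written, but quoting it as `cron_schedule: '0 9 * * 1'` keeps it safe if the value ever starts with `*`.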
|
|
@ -0,0 +1,28 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.cluster-1.google_container_cluster.cluster:
|
||||
private_cluster_config:
|
||||
- enable_private_endpoint: true
|
||||
enable_private_nodes: true
|
||||
master_global_access_config:
|
||||
- enabled: false
|
||||
master_ipv4_cidr_block: 192.168.0.0/28
|
||||
private_endpoint_subnetwork: null
|
||||
resource_labels:
|
||||
environment: dev
|
||||
|
||||
counts:
|
||||
google_container_cluster: 1
|