Upgrades to `monitoring_config` in `gke-cluster-*`, docs update, and cosmetics fixes to GKE cluster modules (#1680)
* gke-cluster-standard: upgrade `monitoring_config` to use object style. Add tests. * gke-cluster-standard: update docs * gke-cluster-autopilot: move gateway_api_config block (cosmetic change) * gke-cluster-autopilot: update docs and fix typos * Update blueprints due to `monitoring_config` changes in `gke-cluster-standard`. * Update FAST due to `monitoring_config` changes in `gke-cluster-standard`. * Update docs for affected blueprints and FAST stages
parent
79723f9ce1
commit
b3dc91b5cd
@ -30,8 +30,9 @@ module "cluster" {
|
|||
# autopilot = true
|
||||
# }
|
||||
# monitoring_config = {
|
||||
# enenable_components = ["SYSTEM_COMPONENTS"]
|
||||
# managed_prometheus = true
|
||||
# enable_api_server_metrics = true
|
||||
# enable_controller_manager_metrics = true
|
||||
# enable_scheduler_metrics = true
|
||||
# }
|
||||
# cluster_autoscaling = {
|
||||
# auto_provisioning_defaults = {
|
||||
|
|
|
@ -244,21 +244,21 @@ module "gke" {
|
|||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [billing_account_id](variables.tf#L17) | Billing account id. | <code>string</code> | ✓ | |
|
||||
| [folder_id](variables.tf#L138) | Folder used for the GKE project in folders/nnnnnnnnnnn format. | <code>string</code> | ✓ | |
|
||||
| [prefix](variables.tf#L189) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L198) | ID of the project that will contain all the clusters. | <code>string</code> | ✓ | |
|
||||
| [vpc_config](variables.tf#L210) | Shared VPC project and VPC details. | <code title="object({ host_project_id = string vpc_self_link = string })">object({…})</code> | ✓ | |
|
||||
| [clusters](variables.tf#L22) | Clusters configuration. Refer to the gke-cluster module for type details. | <code title="map(object({ cluster_autoscaling = optional(any) description = optional(string) enable_addons = optional(any, { horizontal_pod_autoscaling = true, http_load_balancing = true }) enable_features = optional(any, { workload_identity = true }) issue_client_certificate = optional(bool, false) labels = optional(map(string)) location = string logging_config = optional(object({ enable_system_logs = optional(bool, true) enable_workloads_logs = optional(bool, true) enable_api_server_logs = optional(bool, false) enable_scheduler_logs = optional(bool, false) enable_controller_manager_logs = optional(bool, false) }), {}) maintenance_config = optional(any, { daily_window_start_time = "03:00" recurring_window = null maintenance_exclusion = [] }) max_pods_per_node = optional(number, 110) min_master_version = optional(string) monitoring_config = optional(object({ enable_components = optional(list(string), ["SYSTEM_COMPONENTS"]) managed_prometheus = optional(bool) })) node_locations = optional(list(string)) private_cluster_config = optional(any) release_channel = optional(string) vpc_config = object({ subnetwork = string network = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = string services = string }), { pods = "pods", services = "services" }) master_authorized_ranges = optional(map(string)) master_ipv4_cidr_block = optional(string) }) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [fleet_configmanagement_clusters](variables.tf#L76) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [fleet_configmanagement_templates](variables.tf#L83) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | <code title="map(object({ binauthz = bool config_sync = object({ git = object({ gcp_service_account_email = string https_proxy = string policy_dir = string secret_type = string sync_branch = string sync_repo = string sync_rev = string sync_wait_secs = number }) prevent_drift = string source_format = string }) hierarchy_controller = object({ enable_hierarchical_resource_quota = bool enable_pod_tree_labels = bool }) policy_controller = object({ audit_interval_seconds = number exemptable_namespaces = list(string) log_denies_enabled = bool referential_rules_enabled = bool template_library_installed = bool }) version = string }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [fleet_features](variables.tf#L118) | Enable and configure fleet features. Set to null to disable GKE Hub if fleet workload identity is not used. | <code title="object({ appdevexperience = bool configmanagement = bool identityservice = bool multiclusteringress = string multiclusterservicediscovery = bool servicemesh = bool })">object({…})</code> | | <code>null</code> |
|
||||
| [fleet_workload_identity](variables.tf#L131) | Use Fleet Workload Identity for clusters. Enables GKE Hub if set to true. | <code>bool</code> | | <code>false</code> |
|
||||
| [group_iam](variables.tf#L143) | Project-level IAM bindings for groups. Use group emails as keys, list of roles as values. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [iam](variables.tf#L150) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [labels](variables.tf#L157) | Project-level labels. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [nodepools](variables.tf#L163) | Nodepools configuration. Refer to the gke-nodepool module for type details. | <code title="map(map(object({ gke_version = optional(string) labels = optional(map(string), {}) max_pods_per_node = optional(number) name = optional(string) node_config = optional(any, { disk_type = "pd-balanced" }) node_count = optional(map(number), { initial = 1 }) node_locations = optional(list(string)) nodepool_config = optional(any) pod_range = optional(any) reservation_affinity = optional(any) service_account = optional(any) sole_tenant_nodegroup = optional(string) tags = optional(list(string)) taints = optional(list(object({ key = string value = string effect = string }))) })))">map(map(object({…})))</code> | | <code>{}</code> |
|
||||
| [project_services](variables.tf#L203) | Additional project services to enable. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [billing_account_id](variables.tf#L17) | Billing account ID. | <code>string</code> | ✓ | |
|
||||
| [folder_id](variables.tf#L148) | Folder used for the GKE project in folders/nnnnnnnnnnn format. | <code>string</code> | ✓ | |
|
||||
| [prefix](variables.tf#L199) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L208) | ID of the project that will contain all the clusters. | <code>string</code> | ✓ | |
|
||||
| [vpc_config](variables.tf#L220) | Shared VPC project and VPC details. | <code title="object({ host_project_id = string vpc_self_link = string })">object({…})</code> | ✓ | |
|
||||
| [clusters](variables.tf#L22) | Clusters configuration. Refer to the gke-cluster module for type details. | <code title="map(object({ cluster_autoscaling = optional(any) description = optional(string) enable_addons = optional(any, { horizontal_pod_autoscaling = true, http_load_balancing = true }) enable_features = optional(any, { workload_identity = true }) issue_client_certificate = optional(bool, false) labels = optional(map(string)) location = string logging_config = optional(object({ enable_system_logs = optional(bool, true) enable_workloads_logs = optional(bool, true) enable_api_server_logs = optional(bool, false) enable_scheduler_logs = optional(bool, false) enable_controller_manager_logs = optional(bool, false) }), {}) maintenance_config = optional(any, { daily_window_start_time = "03:00" recurring_window = null maintenance_exclusion = [] }) max_pods_per_node = optional(number, 110) min_master_version = optional(string) monitoring_config = optional(object({ enable_system_metrics = optional(bool, true) enable_api_server_metrics = optional(bool, false) enable_controller_manager_metrics = optional(bool, false) enable_scheduler_metrics = optional(bool, false) enable_managed_prometheus = optional(bool, true) }), {}) node_locations = optional(list(string)) private_cluster_config = optional(any) release_channel = optional(string) vpc_config = object({ subnetwork = string network = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = string services = string }), { pods = "pods", services = "services" }) master_authorized_ranges = optional(map(string)) master_ipv4_cidr_block = optional(string) }) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [fleet_configmanagement_clusters](variables.tf#L86) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [fleet_configmanagement_templates](variables.tf#L93) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | <code title="map(object({ binauthz = bool config_sync = object({ git = object({ gcp_service_account_email = string https_proxy = string policy_dir = string secret_type = string sync_branch = string sync_repo = string sync_rev = string sync_wait_secs = number }) prevent_drift = string source_format = string }) hierarchy_controller = object({ enable_hierarchical_resource_quota = bool enable_pod_tree_labels = bool }) policy_controller = object({ audit_interval_seconds = number exemptable_namespaces = list(string) log_denies_enabled = bool referential_rules_enabled = bool template_library_installed = bool }) version = string }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [fleet_features](variables.tf#L128) | Enable and configure fleet features. Set to null to disable GKE Hub if fleet workload identity is not used. | <code title="object({ appdevexperience = bool configmanagement = bool identityservice = bool multiclusteringress = string multiclusterservicediscovery = bool servicemesh = bool })">object({…})</code> | | <code>null</code> |
|
||||
| [fleet_workload_identity](variables.tf#L141) | Use Fleet Workload Identity for clusters. Enables GKE Hub if set to true. | <code>bool</code> | | <code>false</code> |
|
||||
| [group_iam](variables.tf#L153) | Project-level IAM bindings for groups. Use group emails as keys, list of roles as values. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [iam](variables.tf#L160) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [labels](variables.tf#L167) | Project-level labels. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [nodepools](variables.tf#L173) | Nodepools configuration. Refer to the gke-nodepool module for type details. | <code title="map(map(object({ gke_version = optional(string) labels = optional(map(string), {}) max_pods_per_node = optional(number) name = optional(string) node_config = optional(any, { disk_type = "pd-balanced" }) node_count = optional(map(number), { initial = 1 }) node_locations = optional(list(string)) nodepool_config = optional(any) pod_range = optional(any) reservation_affinity = optional(any) service_account = optional(any) sole_tenant_nodegroup = optional(string) tags = optional(list(string)) taints = optional(list(object({ key = string value = string effect = string }))) })))">map(map(object({…})))</code> | | <code>{}</code> |
|
||||
| [project_services](variables.tf#L213) | Additional project services to enable. | <code>list(string)</code> | | <code>[]</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
*/
|
||||
|
||||
variable "billing_account_id" {
|
||||
description = "Billing account id."
|
||||
description = "Billing account ID."
|
||||
type = string
|
||||
}
|
||||
|
||||
|
@ -48,9 +48,19 @@ variable "clusters" {
|
|||
max_pods_per_node = optional(number, 110)
|
||||
min_master_version = optional(string)
|
||||
monitoring_config = optional(object({
|
||||
enable_components = optional(list(string), ["SYSTEM_COMPONENTS"])
|
||||
managed_prometheus = optional(bool)
|
||||
}))
|
||||
enable_system_metrics = optional(bool, true)
|
||||
|
||||
# Control plane metrics
|
||||
enable_api_server_metrics = optional(bool, false)
|
||||
enable_controller_manager_metrics = optional(bool, false)
|
||||
enable_scheduler_metrics = optional(bool, false)
|
||||
|
||||
# TODO add kube state metrics
|
||||
|
||||
# Google Cloud Managed Service for Prometheus
|
||||
enable_managed_prometheus = optional(bool, true)
|
||||
}), {})
|
||||
|
||||
node_locations = optional(list(string))
|
||||
private_cluster_config = optional(any)
|
||||
release_channel = optional(string)
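Review bot: `enable_managed_prometheus = optional(bool, true)` switches managed Prometheus on by default, whereas the removed `managed_prometheus = optional(bool)` left the key unset, so callers of this `clusters` variable that never set it will presumably get managed collection enabled on their next apply (unless the downstream module already defaulted it to true, which is not visible here); if that is intended, the variable description outside this hunk should say so and the commit message should flag it as a behaviour change. The `# TODO add kube state metrics` line lives inside the published type definition, which is rendered into the README variables table, so it would be better moved to an issue or dropped. The same block is repeated in the FAST stage variables.tf hunk `@ -68,9 +68,18 @@ variable "clusters"`. `variable "clusters"` starts before and ends after this hunk.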
|
||||
|
|
|
@ -163,21 +163,21 @@ Leave all these variables unset (or set to `null`) to disable fleet management.
|
|||
|---|---|:---:|:---:|:---:|:---:|
|
||||
| [automation](variables.tf#L21) | Automation resources created by the bootstrap stage. | <code title="object({ outputs_bucket = string })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [billing_account](variables.tf#L29) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | <code title="object({ id = string is_org_level = optional(bool, true) })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [folder_ids](variables.tf#L159) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | <code title="object({ gke-dev = string })">object({…})</code> | ✓ | | <code>1-resman</code> |
|
||||
| [host_project_ids](variables.tf#L174) | Host project for the shared VPC. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | ✓ | | <code>2-networking</code> |
|
||||
| [prefix](variables.tf#L227) | Prefix used for resources that need unique names. | <code>string</code> | ✓ | | |
|
||||
| [vpc_self_links](variables.tf#L243) | Self link for the shared VPC. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | ✓ | | <code>2-networking</code> |
|
||||
| [clusters](variables.tf#L42) | Clusters configuration. Refer to the gke-cluster module for type details. | <code title="map(object({ cluster_autoscaling = optional(any) description = optional(string) enable_addons = optional(any, { horizontal_pod_autoscaling = true, http_load_balancing = true }) enable_features = optional(any, { workload_identity = true }) issue_client_certificate = optional(bool, false) labels = optional(map(string)) location = string logging_config = optional(object({ enable_system_logs = optional(bool, true) enable_workloads_logs = optional(bool, true) enable_api_server_logs = optional(bool, false) enable_scheduler_logs = optional(bool, false) enable_controller_manager_logs = optional(bool, false) }), {}) maintenance_config = optional(any, { daily_window_start_time = "03:00" recurring_window = null maintenance_exclusion = [] }) max_pods_per_node = optional(number, 110) min_master_version = optional(string) monitoring_config = optional(object({ enable_components = optional(list(string), ["SYSTEM_COMPONENTS"]) managed_prometheus = optional(bool) })) node_locations = optional(list(string)) private_cluster_config = optional(any) release_channel = optional(string) vpc_config = object({ subnetwork = string network = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = optional(string, "pods") services = optional(string, "services") })) master_authorized_ranges = optional(map(string)) master_ipv4_cidr_block = optional(string) }) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [fleet_configmanagement_clusters](variables.tf#L96) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [fleet_configmanagement_templates](variables.tf#L104) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | <code title="map(object({ binauthz = bool config_sync = object({ git = object({ gcp_service_account_email = string https_proxy = string policy_dir = string secret_type = string sync_branch = string sync_repo = string sync_rev = string sync_wait_secs = number }) prevent_drift = string source_format = string }) hierarchy_controller = object({ enable_hierarchical_resource_quota = bool enable_pod_tree_labels = bool }) policy_controller = object({ audit_interval_seconds = number exemptable_namespaces = list(string) log_denies_enabled = bool referential_rules_enabled = bool template_library_installed = bool }) version = string }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [fleet_features](variables.tf#L139) | Enable and configure fleet features. Set to null to disable GKE Hub if fleet workload identity is not used. | <code title="object({ appdevexperience = bool configmanagement = bool identityservice = bool multiclusteringress = string multiclusterservicediscovery = bool servicemesh = bool })">object({…})</code> | | <code>null</code> | |
|
||||
| [fleet_workload_identity](variables.tf#L152) | Use Fleet Workload Identity for clusters. Enables GKE Hub if set to true. | <code>bool</code> | | <code>false</code> | |
|
||||
| [group_iam](variables.tf#L167) | Project-level authoritative IAM bindings for groups in {GROUP_EMAIL => [ROLES]} format. Use group emails as keys, list of roles as values. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [iam](variables.tf#L182) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [labels](variables.tf#L189) | Project-level labels. | <code>map(string)</code> | | <code>{}</code> | |
|
||||
| [nodepools](variables.tf#L195) | Nodepools configuration. Refer to the gke-nodepool module for type details. | <code title="map(map(object({ gke_version = optional(string) labels = optional(map(string), {}) max_pods_per_node = optional(number) name = optional(string) node_config = optional(any, { disk_type = "pd-balanced" }) node_count = optional(map(number), { initial = 1 }) node_locations = optional(list(string)) nodepool_config = optional(any) pod_range = optional(any) reservation_affinity = optional(any) service_account = optional(any) sole_tenant_nodegroup = optional(string) tags = optional(list(string)) taints = optional(list(object({ key = string value = string effect = string }))) })))">map(map(object({…})))</code> | | <code>{}</code> | |
|
||||
| [outputs_location](variables.tf#L221) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [project_services](variables.tf#L236) | Additional project services to enable. | <code>list(string)</code> | | <code>[]</code> | |
|
||||
| [folder_ids](variables.tf#L168) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | <code title="object({ gke-dev = string })">object({…})</code> | ✓ | | <code>1-resman</code> |
|
||||
| [host_project_ids](variables.tf#L183) | Host project for the shared VPC. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | ✓ | | <code>2-networking</code> |
|
||||
| [prefix](variables.tf#L236) | Prefix used for resources that need unique names. | <code>string</code> | ✓ | | |
|
||||
| [vpc_self_links](variables.tf#L252) | Self link for the shared VPC. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | ✓ | | <code>2-networking</code> |
|
||||
| [clusters](variables.tf#L42) | Clusters configuration. Refer to the gke-cluster-standard module for type details. | <code title="map(object({ cluster_autoscaling = optional(any) description = optional(string) enable_addons = optional(any, { horizontal_pod_autoscaling = true, http_load_balancing = true }) enable_features = optional(any, { workload_identity = true }) issue_client_certificate = optional(bool, false) labels = optional(map(string)) location = string logging_config = optional(object({ enable_system_logs = optional(bool, true) enable_workloads_logs = optional(bool, true) enable_api_server_logs = optional(bool, false) enable_scheduler_logs = optional(bool, false) enable_controller_manager_logs = optional(bool, false) }), {}) maintenance_config = optional(any, { daily_window_start_time = "03:00" recurring_window = null maintenance_exclusion = [] }) max_pods_per_node = optional(number, 110) min_master_version = optional(string) monitoring_config = optional(object({ enable_system_metrics = optional(bool, true) enable_api_server_metrics = optional(bool, false) enable_controller_manager_metrics = optional(bool, false) enable_scheduler_metrics = optional(bool, false) enable_managed_prometheus = optional(bool, true) }), {}) node_locations = optional(list(string)) private_cluster_config = optional(any) release_channel = optional(string) vpc_config = object({ subnetwork = string network = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = optional(string, "pods") services = optional(string, "services") })) master_authorized_ranges = optional(map(string)) master_ipv4_cidr_block = optional(string) }) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [fleet_configmanagement_clusters](variables.tf#L105) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [fleet_configmanagement_templates](variables.tf#L113) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | <code title="map(object({ binauthz = bool config_sync = object({ git = object({ gcp_service_account_email = string https_proxy = string policy_dir = string secret_type = string sync_branch = string sync_repo = string sync_rev = string sync_wait_secs = number }) prevent_drift = string source_format = string }) hierarchy_controller = object({ enable_hierarchical_resource_quota = bool enable_pod_tree_labels = bool }) policy_controller = object({ audit_interval_seconds = number exemptable_namespaces = list(string) log_denies_enabled = bool referential_rules_enabled = bool template_library_installed = bool }) version = string }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [fleet_features](variables.tf#L148) | Enable and configure fleet features. Set to null to disable GKE Hub if fleet workload identity is not used. | <code title="object({ appdevexperience = bool configmanagement = bool identityservice = bool multiclusteringress = string multiclusterservicediscovery = bool servicemesh = bool })">object({…})</code> | | <code>null</code> | |
|
||||
| [fleet_workload_identity](variables.tf#L161) | Use Fleet Workload Identity for clusters. Enables GKE Hub if set to true. | <code>bool</code> | | <code>false</code> | |
|
||||
| [group_iam](variables.tf#L176) | Project-level authoritative IAM bindings for groups in {GROUP_EMAIL => [ROLES]} format. Use group emails as keys, list of roles as values. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [iam](variables.tf#L191) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [labels](variables.tf#L198) | Project-level labels. | <code>map(string)</code> | | <code>{}</code> | |
|
||||
| [nodepools](variables.tf#L204) | Nodepools configuration. Refer to the gke-nodepool module for type details. | <code title="map(map(object({ gke_version = optional(string) labels = optional(map(string), {}) max_pods_per_node = optional(number) name = optional(string) node_config = optional(any, { disk_type = "pd-balanced" }) node_count = optional(map(number), { initial = 1 }) node_locations = optional(list(string)) nodepool_config = optional(any) pod_range = optional(any) reservation_affinity = optional(any) service_account = optional(any) sole_tenant_nodegroup = optional(string) tags = optional(list(string)) taints = optional(list(object({ key = string value = string effect = string }))) })))">map(map(object({…})))</code> | | <code>{}</code> | |
|
||||
| [outputs_location](variables.tf#L230) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [project_services](variables.tf#L245) | Additional project services to enable. | <code>list(string)</code> | | <code>[]</code> | |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -40,7 +40,7 @@ variable "billing_account" {
|
|||
}
|
||||
|
||||
variable "clusters" {
|
||||
description = "Clusters configuration. Refer to the gke-cluster module for type details."
|
||||
description = "Clusters configuration. Refer to the gke-cluster-standard module for type details."
|
||||
type = map(object({
|
||||
cluster_autoscaling = optional(any)
|
||||
description = optional(string)
|
||||
|
@ -68,9 +68,18 @@ variable "clusters" {
|
|||
max_pods_per_node = optional(number, 110)
|
||||
min_master_version = optional(string)
|
||||
monitoring_config = optional(object({
|
||||
enable_components = optional(list(string), ["SYSTEM_COMPONENTS"])
|
||||
managed_prometheus = optional(bool)
|
||||
}))
|
||||
enable_system_metrics = optional(bool, true)
|
||||
|
||||
# Control plane metrics
|
||||
enable_api_server_metrics = optional(bool, false)
|
||||
enable_controller_manager_metrics = optional(bool, false)
|
||||
enable_scheduler_metrics = optional(bool, false)
|
||||
|
||||
# TODO add kube state metrics
|
||||
|
||||
# Google Cloud Managed Service for Prometheus
|
||||
enable_managed_prometheus = optional(bool, true)
|
||||
}), {})
|
||||
node_locations = optional(list(string))
|
||||
private_cluster_config = optional(any)
|
||||
release_channel = optional(string)
|
||||
|
|
|
@ -50,11 +50,11 @@ module "cluster-1" {
|
|||
|
||||
### Cloud DNS
|
||||
|
||||
This example shows how to [use Cloud DNS as a Kubernetes DNS provider](https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-dns).
|
||||
|
||||
> **Warning**
|
||||
> [!WARNING]
|
||||
> [Cloud DNS is the only DNS provider for Autopilot clusters](https://cloud.google.com/kubernetes-engine/docs/concepts/service-discovery#cloud_dns) running version `1.25.9-gke.400` and later, and version `1.26.4-gke.500` and later. It is [pre-configured](https://cloud.google.com/kubernetes-engine/docs/resources/autopilot-standard-feature-comparison#feature-comparison) for those clusters. The following example *only* applies to Autopilot clusters running *earlier* versions.
|
||||
|
||||
This example shows how to [use Cloud DNS as a Kubernetes DNS provider](https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-dns).
|
||||
|
||||
```hcl
|
||||
module "cluster-1" {
|
||||
source = "./fabric/modules/gke-cluster-autopilot"
|
||||
|
@ -79,11 +79,11 @@ module "cluster-1" {
|
|||
|
||||
### Logging configuration
|
||||
|
||||
This example shows how to [collect logs for the Kubernetes control plane components](https://cloud.google.com/stackdriver/docs/solutions/gke/installing). The logs for these components are not collected by default.
|
||||
|
||||
> **Note**
|
||||
> [!NOTE]
|
||||
> System and workload logs collection is pre-configured for Autopilot clusters and cannot be disabled.
|
||||
|
||||
This example shows how to [collect logs for the Kubernetes control plane components](https://cloud.google.com/stackdriver/docs/solutions/gke/installing). The logs for these components are not collected by default.
|
||||
|
||||
```hcl
|
||||
module "cluster-1" {
|
||||
source = "./fabric/modules/gke-cluster-autopilot"
|
||||
|
@ -106,14 +106,14 @@ module "cluster-1" {
|
|||
|
||||
### Monitoring configuration
|
||||
|
||||
This example shows how to [configure collection of Kubernetes control plane metrics](https://cloud.google.com/stackdriver/docs/solutions/gke/managing-metrics#enable-control-plane-metrics). The metrics for these components are not collected by default.
|
||||
|
||||
> **Note**
|
||||
> [!NOTE]
|
||||
> System metrics collection is pre-configured for Autopilot clusters and cannot be disabled.
|
||||
|
||||
> **Warning**
|
||||
> [!WARNING]
|
||||
> GKE **workload metrics** is deprecated and removed in GKE 1.24 and later. Workload metrics is replaced by [Google Cloud Managed Service for Prometheus](https://cloud.google.com/stackdriver/docs/managed-prometheus), which is Google's recommended way to monitor Kubernetes applications by using Cloud Monitoring.
|
||||
|
||||
This example shows how to [configure collection of Kubernetes control plane metrics](https://cloud.google.com/stackdriver/docs/solutions/gke/managing-metrics#enable-control-plane-metrics). The metrics for these components are not collected by default.
|
||||
|
||||
```hcl
|
||||
module "cluster-1" {
|
||||
source = "./fabric/modules/gke-cluster-autopilot"
|
||||
|
@ -136,14 +136,14 @@ module "cluster-1" {
|
|||
|
||||
### Backup for GKE
|
||||
|
||||
> [!NOTE]
|
||||
> Although Backup for GKE can be enabled as an add-on when configuring your GKE clusters, it is a separate service from GKE.
|
||||
|
||||
[Backup for GKE](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/concepts/backup-for-gke) is a service for backing up and restoring workloads in GKE clusters. It has two components:
|
||||
|
||||
* A [Google Cloud API](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest) that serves as the control plane for the service.
|
||||
* A GKE add-on (the [Backup for GKE agent](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/concepts/backup-for-gke#agent_overview)) that must be enabled in each cluster for which you wish to perform backup and restore operations.
|
||||
|
||||
> **Note**
|
||||
> Although Backup for GKE can be enabled as an add-on when configuring your GKE clusters, it is a separate service from GKE.
|
||||
|
||||
Backup for GKE is supported in GKE Autopilot clusters with [some restrictions](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/concepts/about-autopilot).
|
||||
|
||||
This example shows how to [enable Backup for GKE on a new Autopilot cluster](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/how-to/install#enable_on_a_new_cluster_optional) and [plan a set of backups](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/how-to/backup-plan).
|
||||
|
@ -176,9 +176,9 @@ module "cluster-1" {
|
|||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [location](variables.tf#L110) | Autopilot cluster are always regional. | <code>string</code> | ✓ | |
|
||||
| [location](variables.tf#L110) | Autopilot clusters are always regional. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L170) | Cluster name. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L196) | Cluster project id. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L196) | Cluster project ID. | <code>string</code> | ✓ | |
|
||||
| [vpc_config](variables.tf#L225) | VPC-level configuration. | <code title="object({ network = string subnetwork = string master_ipv4_cidr_block = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = optional(string, "pods") services = optional(string, "services") })) master_authorized_ranges = optional(map(string)) stack_type = optional(string) })">object({…})</code> | ✓ | |
|
||||
| [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | <code title="object({ enable_backup_agent = optional(bool, false) backup_plans = optional(map(object({ encryption_key = optional(string) include_secrets = optional(bool, true) include_volume_data = optional(bool, true) namespaces = optional(list(string)) region = string schedule = string retention_policy_days = optional(string) retention_policy_lock = optional(bool, false) retention_policy_delete_lock_days = optional(string) })), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
| [description](variables.tf#L37) | Cluster description. | <code>string</code> | | <code>null</code> |
|
||||
|
@ -203,7 +203,7 @@ module "cluster-1" {
|
|||
| [ca_certificate](outputs.tf#L17) | Public certificate of the cluster (base64-encoded). | ✓ |
|
||||
| [cluster](outputs.tf#L23) | Cluster resource. | ✓ |
|
||||
| [endpoint](outputs.tf#L29) | Cluster endpoint. | |
|
||||
| [id](outputs.tf#L34) | Fully qualified cluster id. | |
|
||||
| [id](outputs.tf#L34) | Fully qualified cluster ID. | |
|
||||
| [location](outputs.tf#L39) | Cluster location. | |
|
||||
| [master_version](outputs.tf#L44) | Master version. | |
|
||||
| [name](outputs.tf#L49) | Cluster name. | |
|
||||
|
|
|
@ -103,6 +103,13 @@ resource "google_container_cluster" "cluster" {
|
|||
}
|
||||
}
|
||||
|
||||
dynamic "gateway_api_config" {
|
||||
for_each = var.enable_features.gateway_api ? [""] : []
|
||||
content {
|
||||
channel = "CHANNEL_STANDARD"
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "ip_allocation_policy" {
|
||||
for_each = var.vpc_config.secondary_range_blocks != null ? [""] : []
|
||||
content {
|
||||
|
@ -131,13 +138,6 @@ resource "google_container_cluster" "cluster" {
|
|||
]))
|
||||
}
|
||||
|
||||
dynamic "gateway_api_config" {
|
||||
for_each = var.enable_features.gateway_api ? [""] : []
|
||||
content {
|
||||
channel = "CHANNEL_STANDARD"
|
||||
}
|
||||
}
|
||||
|
||||
maintenance_policy {
|
||||
dynamic "daily_maintenance_window" {
|
||||
for_each = (
|
||||
|
@ -207,7 +207,7 @@ resource "google_container_cluster" "cluster" {
|
|||
enable_components = toset(compact([
|
||||
# System metrics collection cannot be disabled for Autopilot clusters.
|
||||
"SYSTEM_COMPONENTS",
|
||||
# Control plane metrics.
|
||||
# Control plane metrics:
|
||||
var.monitoring_config.enable_api_server_metrics ? "APISERVER" : null,
|
||||
var.monitoring_config.enable_controller_manager_metrics ? "CONTROLLER_MANAGER" : null,
|
||||
var.monitoring_config.enable_scheduler_metrics ? "SCHEDULER" : null,
|
||||
|
|
|
@ -32,7 +32,7 @@ output "endpoint" {
|
|||
}
|
||||
|
||||
output "id" {
|
||||
description = "Fully qualified cluster id."
|
||||
description = "Fully qualified cluster ID."
|
||||
value = google_container_cluster.cluster.id
|
||||
}
|
||||
|
||||
|
|
|
@ -108,7 +108,7 @@ variable "labels" {
|
|||
}
|
||||
|
||||
variable "location" {
|
||||
description = "Autopilot cluster are always regional."
|
||||
description = "Autopilot clusters are always regional."
|
||||
type = string
|
||||
}
|
||||
|
||||
|
@ -194,7 +194,7 @@ variable "private_cluster_config" {
|
|||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Cluster project id."
|
||||
description = "Cluster project ID."
|
||||
type = string
|
||||
}
|
||||
|
||||
|
|
|
@ -1,10 +1,29 @@
|
|||
# GKE cluster Standard module
|
||||
# GKE Standard cluster module
|
||||
|
||||
This module allows simplified creation and management of GKE Standard clusters and should be used together with the GKE nodepool module, as the default nodepool is turned off here and cannot be re-enabled. Some sensible defaults are set initially, in order to allow less verbose usage for most use cases.
|
||||
This module offers a way to create and manage Google Kubernetes Engine (GKE) [Standard clusters](https://cloud.google.com/kubernetes-engine/docs/concepts/choose-cluster-mode#why-standard). With its sensible default settings based on best practices and authors' experience as Google Cloud practitioners, the module accommodates for many common use cases out-of-the-box, without having to rely on verbose configuration.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> This module should be used together with the [`gke-nodepool`](../gke-nodepool/) module because the default node pool is deleted upon cluster creation and cannot be re-created.
|
||||
|
||||
<!-- BEGIN TOC -->
|
||||
- [Example](#example)
|
||||
- [GKE Standard cluster](#gke-standard-cluster)
|
||||
- [Enable Dataplane V2](#enable-dataplane-v2)
|
||||
- [Managing GKE logs](#managing-gke-logs)
|
||||
- [Monitoring configuration](#monitoring-configuration)
|
||||
- [Disable GKE logs or metrics collection](#disable-gke-logs-or-metrics-collection)
|
||||
- [Cloud DNS](#cloud-dns)
|
||||
- [Backup for GKE](#backup-for-gke)
|
||||
- [Automatic creation of new secondary ranges](#automatic-creation-of-new-secondary-ranges)
|
||||
- [Variables](#variables)
|
||||
- [Outputs](#outputs)
|
||||
<!-- END TOC -->
|
||||
|
||||
## Example
|
||||
|
||||
### GKE Cluster
|
||||
### GKE Standard cluster
|
||||
|
||||
This example shows how to [create a zonal GKE cluster in Standard mode](https://cloud.google.com/kubernetes-engine/docs/how-to/creating-a-zonal-cluster).
|
||||
|
||||
```hcl
|
||||
module "cluster-1" {
|
||||
|
@ -36,7 +55,9 @@ module "cluster-1" {
|
|||
# tftest modules=1 resources=1 inventory=basic.yaml
|
||||
```
|
||||
|
||||
### GKE Cluster with Dataplane V2 enabled
|
||||
### Enable Dataplane V2
|
||||
|
||||
This example shows how to [create a zonal GKE Cluster with Dataplane V2 enabled](https://cloud.google.com/kubernetes-engine/docs/how-to/dataplane-v2).
|
||||
|
||||
```hcl
|
||||
module "cluster-1" {
|
||||
|
@ -95,15 +116,40 @@ module "cluster-1" {
|
|||
# tftest modules=1 resources=1 inventory=logging-config-enable-all.yaml
|
||||
```
|
||||
|
||||
### Disable GKE logs collection
|
||||
### Monitoring configuration
|
||||
|
||||
This example shows how to fully disable logs collection on a GKE Standard cluster. This is not recommended.
|
||||
This example shows how to [configure collection of Kubernetes control plane metrics](https://cloud.google.com/stackdriver/docs/solutions/gke/managing-metrics#enable-control-plane-metrics). The metrics for these components are not collected by default.
|
||||
|
||||
> **Warning**
|
||||
```hcl
|
||||
module "cluster-1" {
|
||||
source = "./fabric/modules/gke-cluster-standard"
|
||||
project_id = "myproject"
|
||||
name = "cluster-1"
|
||||
location = "europe-west1-b"
|
||||
vpc_config = {
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
secondary_range_names = {}
|
||||
}
|
||||
monitoring_config = {
|
||||
enable_api_server_metrics = true
|
||||
enable_controller_manager_metrics = true
|
||||
enable_scheduler_metrics = true
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=1 inventory=monitoring-config-control-plane.yaml
|
||||
```
|
||||
|
||||
|
||||
### Disable GKE logs or metrics collection
|
||||
|
||||
> [!WARNING]
|
||||
> If you've disabled Cloud Logging or Cloud Monitoring, GKE customer support
|
||||
> is offered on a best-effort basis and might require additional effort
|
||||
> from your engineering team.
|
||||
|
||||
This example shows how to fully disable logs collection on a zonal GKE Standard cluster. This is not recommended.
|
||||
|
||||
```hcl
|
||||
module "cluster-1" {
|
||||
source = "./fabric/modules/gke-cluster-standard"
|
||||
|
@ -122,6 +168,27 @@ module "cluster-1" {
|
|||
# tftest modules=1 resources=1 inventory=logging-config-disable-all.yaml
|
||||
```
|
||||
|
||||
This example shows how to fully disable metrics collection on a zonal GKE Standard cluster. This is not recommended.
|
||||
|
||||
```hcl
|
||||
module "cluster-1" {
|
||||
source = "./fabric/modules/gke-cluster-standard"
|
||||
project_id = "myproject"
|
||||
name = "cluster-1"
|
||||
location = "europe-west1-b"
|
||||
vpc_config = {
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
secondary_range_names = {}
|
||||
}
|
||||
monitoring_config = {
|
||||
enable_system_metrics = false
|
||||
enable_managed_prometheus = false
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=1 inventory=monitoring-config-disable-all.yaml
|
||||
```
|
||||
|
||||
### Cloud DNS
|
||||
|
||||
This example shows how to [use Cloud DNS as a Kubernetes DNS provider](https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-dns) for GKE Standard clusters.
|
||||
|
@ -150,7 +217,15 @@ module "cluster-1" {
|
|||
|
||||
### Backup for GKE
|
||||
|
||||
This example shows how to [enable the Backup for GKE agent and configure a Backup Plan](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/concepts/backup-for-gke) for GKE Standard clusters.
|
||||
> [!NOTE]
|
||||
> Although Backup for GKE can be enabled as an add-on when configuring your GKE clusters, it is a separate service from GKE.
|
||||
|
||||
[Backup for GKE](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/concepts/backup-for-gke) is a service for backing up and restoring workloads in GKE clusters. It has two components:
|
||||
|
||||
* A [Google Cloud API](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest) that serves as the control plane for the service.
|
||||
* A GKE add-on (the [Backup for GKE agent](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/concepts/backup-for-gke#agent_overview)) that must be enabled in each cluster for which you wish to perform backup and restore operations.
|
||||
|
||||
This example shows how to [enable Backup for GKE on a new zonal GKE Standard cluster](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/how-to/install#enable_on_a_new_cluster_optional) and [plan a set of backups](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/how-to/backup-plan).
|
||||
|
||||
```hcl
|
||||
module "cluster-1" {
|
||||
|
@ -197,16 +272,15 @@ module "cluster-1" {
|
|||
}
|
||||
# tftest modules=1 resources=1
|
||||
```
|
||||
|
||||
<!-- BEGIN TFDOC -->
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [location](variables.tf#L138) | Cluster zone or region. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L210) | Cluster name. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L236) | Cluster project id. | <code>string</code> | ✓ | |
|
||||
| [vpc_config](variables.tf#L253) | VPC-level configuration. | <code title="object({ network = string subnetwork = string master_ipv4_cidr_block = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = optional(string, "pods") services = optional(string, "services") })) master_authorized_ranges = optional(map(string)) stack_type = optional(string) })">object({…})</code> | ✓ | |
|
||||
| [name](variables.tf#L226) | Cluster name. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L252) | Cluster project id. | <code>string</code> | ✓ | |
|
||||
| [vpc_config](variables.tf#L269) | VPC-level configuration. | <code title="object({ network = string subnetwork = string master_ipv4_cidr_block = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = optional(string, "pods") services = optional(string, "services") })) master_authorized_ranges = optional(map(string)) stack_type = optional(string) })">object({…})</code> | ✓ | |
|
||||
| [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | <code title="object({ enable_backup_agent = optional(bool, false) backup_plans = optional(map(object({ encryption_key = optional(string) include_secrets = optional(bool, true) include_volume_data = optional(bool, true) namespaces = optional(list(string)) region = string schedule = string retention_policy_days = optional(string) retention_policy_lock = optional(bool, false) retention_policy_delete_lock_days = optional(string) })), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
| [cluster_autoscaling](variables.tf#L37) | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | <code title="object({ auto_provisioning_defaults = optional(object({ boot_disk_kms_key = optional(string) image_type = optional(string) oauth_scopes = optional(list(string)) service_account = optional(string) })) cpu_limits = optional(object({ min = number max = number })) mem_limits = optional(object({ min = number max = number })) })">object({…})</code> | | <code>null</code> |
|
||||
| [description](variables.tf#L58) | Cluster description. | <code>string</code> | | <code>null</code> |
|
||||
|
@ -218,11 +292,11 @@ module "cluster-1" {
|
|||
| [maintenance_config](variables.tf#L164) | Maintenance window configuration. | <code title="object({ daily_window_start_time = optional(string) recurring_window = optional(object({ start_time = string end_time = string recurrence = string })) maintenance_exclusions = optional(list(object({ name = string start_time = string end_time = string scope = optional(string) }))) })">object({…})</code> | | <code title="{ daily_window_start_time = "03:00" recurring_window = null maintenance_exclusion = [] }">{…}</code> |
|
||||
| [max_pods_per_node](variables.tf#L187) | Maximum number of pods per node in this cluster. | <code>number</code> | | <code>110</code> |
|
||||
| [min_master_version](variables.tf#L193) | Minimum version of the master, defaults to the version of the most recent official release. | <code>string</code> | | <code>null</code> |
|
||||
| [monitoring_config](variables.tf#L199) | Monitoring components. | <code title="object({ enable_components = optional(list(string)) managed_prometheus = optional(bool) })">object({…})</code> | | <code title="{ enable_components = ["SYSTEM_COMPONENTS"] }">{…}</code> |
|
||||
| [node_locations](variables.tf#L215) | Zones in which the cluster's nodes are located. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [private_cluster_config](variables.tf#L222) | Private cluster configuration. | <code title="object({ enable_private_endpoint = optional(bool) master_global_access = optional(bool) peering_config = optional(object({ export_routes = optional(bool) import_routes = optional(bool) project_id = optional(string) })) })">object({…})</code> | | <code>null</code> |
|
||||
| [release_channel](variables.tf#L241) | Release channel for GKE upgrades. | <code>string</code> | | <code>null</code> |
|
||||
| [tags](variables.tf#L247) | Network tags applied to nodes. | <code>list(string)</code> | | <code>null</code> |
|
||||
| [monitoring_config](variables.tf#L199) | Monitoring configuration. Google Cloud Managed Service for Prometheus is enabled by default. | <code title="object({ enable_system_metrics = optional(bool, true) enable_api_server_metrics = optional(bool, false) enable_controller_manager_metrics = optional(bool, false) enable_scheduler_metrics = optional(bool, false) enable_managed_prometheus = optional(bool, true) })">object({…})</code> | | <code>{}</code> |
|
||||
| [node_locations](variables.tf#L231) | Zones in which the cluster's nodes are located. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [private_cluster_config](variables.tf#L238) | Private cluster configuration. | <code title="object({ enable_private_endpoint = optional(bool) master_global_access = optional(bool) peering_config = optional(object({ export_routes = optional(bool) import_routes = optional(bool) project_id = optional(string) })) })">object({…})</code> | | <code>null</code> |
|
||||
| [release_channel](variables.tf#L257) | Release channel for GKE upgrades. | <code>string</code> | | <code>null</code> |
|
||||
| [tags](variables.tf#L263) | Network tags applied to nodes. | <code>list(string)</code> | | <code>null</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -40,8 +40,8 @@ resource "google_container_cluster" "cluster" {
|
|||
: "DATAPATH_PROVIDER_UNSPECIFIED"
|
||||
)
|
||||
|
||||
# the default nodepool is deleted here, use the gke-nodepool module instead
|
||||
# default nodepool configuration based on a shielded_nodes variable
|
||||
# the default node pool is deleted here, use the gke-nodepool module instead.
|
||||
# the default node pool configuration is based on a shielded_nodes variable.
|
||||
node_config {
|
||||
dynamic "shielded_instance_config" {
|
||||
for_each = var.enable_features.shielded_nodes ? [""] : []
|
||||
|
@ -164,6 +164,13 @@ resource "google_container_cluster" "cluster" {
|
|||
}
|
||||
}
|
||||
|
||||
dynamic "gateway_api_config" {
|
||||
for_each = var.enable_features.gateway_api ? [""] : []
|
||||
content {
|
||||
channel = "CHANNEL_STANDARD"
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "ip_allocation_policy" {
|
||||
for_each = var.vpc_config.secondary_range_blocks != null ? [""] : []
|
||||
content {
|
||||
|
@ -205,13 +212,6 @@ resource "google_container_cluster" "cluster" {
|
|||
}
|
||||
}
|
||||
|
||||
dynamic "gateway_api_config" {
|
||||
for_each = var.enable_features.gateway_api ? [""] : []
|
||||
content {
|
||||
channel = "CHANNEL_STANDARD"
|
||||
}
|
||||
}
|
||||
|
||||
maintenance_policy {
|
||||
dynamic "daily_maintenance_window" {
|
||||
for_each = (
|
||||
|
@ -277,22 +277,21 @@ resource "google_container_cluster" "cluster" {
|
|||
}
|
||||
}
|
||||
|
||||
dynamic "monitoring_config" {
|
||||
for_each = var.monitoring_config != null ? [""] : []
|
||||
content {
|
||||
enable_components = var.monitoring_config.enable_components
|
||||
dynamic "managed_prometheus" {
|
||||
for_each = (
|
||||
try(var.monitoring_config.managed_prometheus, null) == true ? [""] : []
|
||||
)
|
||||
content {
|
||||
enabled = true
|
||||
}
|
||||
}
|
||||
monitoring_config {
|
||||
enable_components = toset(compact([
|
||||
# System metrics is the minimum requirement if any other metrics are enabled. This is checked by input var validation.
|
||||
var.monitoring_config.enable_system_metrics ? "SYSTEM_COMPONENTS" : null,
|
||||
# Control plane metrics:
|
||||
var.monitoring_config.enable_api_server_metrics ? "APISERVER" : null,
|
||||
var.monitoring_config.enable_controller_manager_metrics ? "CONTROLLER_MANAGER" : null,
|
||||
var.monitoring_config.enable_scheduler_metrics ? "SCHEDULER" : null,
|
||||
]))
|
||||
managed_prometheus {
|
||||
enabled = var.monitoring_config.enable_managed_prometheus
|
||||
}
|
||||
}
|
||||
|
||||
# dataplane v2 has built-in network policies
|
||||
# Dataplane V2 has built-in network policies
|
||||
dynamic "network_policy" {
|
||||
for_each = (
|
||||
var.enable_addons.network_policy && !var.enable_features.dataplane_v2
|
||||
|
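Review bot: The comment on the first `toset(compact([` entry of the new `monitoring_config` block is ungrammatical and points at a check that lives in another file without naming it; suggest `# SYSTEM_COMPONENTS must stay enabled whenever any control plane component is enabled; enforced by the validation block on var.monitoring_config in variables.tf.` The `managed_prometheus` block now always emits an explicit `enabled` value, whereas the removed `dynamic "managed_prometheus"` block omitted it unless `managed_prometheus` was `true`, so a one-line comment saying that the module rather than the provider default now decides the Managed Prometheus state would help readers of this block. The enclosing `google_container_cluster` resource starts and ends outside the hunk.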
|
|
@ -197,13 +197,29 @@ variable "min_master_version" {
|
|||
}
|
||||
|
||||
variable "monitoring_config" {
|
||||
description = "Monitoring components."
|
||||
description = "Monitoring configuration. Google Cloud Managed Service for Prometheus is enabled by default."
|
||||
type = object({
|
||||
enable_components = optional(list(string))
|
||||
managed_prometheus = optional(bool)
|
||||
enable_system_metrics = optional(bool, true)
|
||||
|
||||
# Control plane metrics
|
||||
enable_api_server_metrics = optional(bool, false)
|
||||
enable_controller_manager_metrics = optional(bool, false)
|
||||
enable_scheduler_metrics = optional(bool, false)
|
||||
|
||||
# TODO add kube state metrics and validation
|
||||
|
||||
# Google Cloud Managed Service for Prometheus
|
||||
enable_managed_prometheus = optional(bool, true)
|
||||
})
|
||||
default = {
|
||||
enable_components = ["SYSTEM_COMPONENTS"]
|
||||
default = {}
|
||||
nullable = false
|
||||
validation {
|
||||
condition = anytrue([
|
||||
var.monitoring_config.enable_api_server_metrics,
|
||||
var.monitoring_config.enable_controller_manager_metrics,
|
||||
var.monitoring_config.enable_scheduler_metrics,
|
||||
]) ? var.monitoring_config.enable_system_metrics : true
|
||||
error_message = "System metrics are the minimum required component for enabling metrics collection."
|
||||
}
|
||||
}
|
||||
|
||||
|
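Review bot: The combination of `enable_managed_prometheus = optional(bool, true)` and `nullable = false` changes the variable's contract for existing callers in two ways the new description does not mention: a caller who kept the old default (`enable_components = ["SYSTEM_COMPONENTS"]` with `managed_prometheus` unset) now gets `managed_prometheus { enabled = true }` rendered explicitly, which may surface as a plan diff on already-deployed clusters, and a caller who passed `monitoring_config = null` (previously accepted and handled by the removed `for_each = var.monitoring_config != null` guard in main.tf) now gets a validation error. Suggest stating both in the description, e.g. `description = "Monitoring configuration. Google Cloud Managed Service for Prometheus is enabled by default; set enable_managed_prometheus = false to opt out. Null is not accepted."` The `# TODO add kube state metrics and validation` line would be easier to act on if it named the missing validation rather than leaving it open.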
|
|
@ -0,0 +1,27 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.cluster-1.google_container_cluster.cluster:
|
||||
monitoring_config:
|
||||
- enable_components:
|
||||
- APISERVER
|
||||
- CONTROLLER_MANAGER
|
||||
- SCHEDULER
|
||||
- SYSTEM_COMPONENTS
|
||||
managed_prometheus:
|
||||
- enabled: true
|
||||
|
||||
counts:
|
||||
google_container_cluster: 1
|
|
@ -0,0 +1,23 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.cluster-1.google_container_cluster.cluster:
|
||||
monitoring_config:
|
||||
- enable_components: []
|
||||
managed_prometheus:
|
||||
- enabled: false
|
||||
|
||||
counts:
|
||||
google_container_cluster: 1
|