Added recurring maintenance window, dns config, L4ILB subsetting and monitoring/logging config to GKE cluster module.
This commit is contained in:
Taneli Leppä
parent
4723b17710
commit
e1b79bc7f6
|
|
@ -81,17 +81,21 @@ module "cluster-1" {
|
|||
| *database_encryption* | Enable and configure GKE application-layer secrets encryption. | <code title="object({ enabled = bool state = string key_name = string })">object({...})</code> | | <code title="{ enabled = false state = "DECRYPTED" key_name = null }">...</code> |
|
||||
| *default_max_pods_per_node* | Maximum number of pods per node in this cluster. | <code title="">number</code> | | <code title="">110</code> |
|
||||
| *description* | Cluster description. | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *dns_config* | Configuration for Using Cloud DNS for GKE. | <code title="object({ cluster_dns = string cluster_dns_scope = string cluster_dns_domain = string })">object({...})</code> | | <code title="{ cluster_dns = "PROVIDER_UNSPECIFIED" cluster_dns_scope = "DNS_SCOPE_UNSPECIFIED" cluster_dns_domain = "" }">...</code> |
|
||||
| *enable_autopilot* | Create cluster in autopilot mode. With autopilot there's no need to create node-pools and some features are not supported (e.g. setting default_max_pods_per_node) | <code title="">bool</code> | | <code title="">false</code> |
|
||||
| *enable_binary_authorization* | Enable Google Binary Authorization. | <code title="">bool</code> | | <code title="">null</code> |
|
||||
| *enable_dataplane_v2* | Enable Dataplane V2 on the cluster, will disable network_policy addons config | <code title="">bool</code> | | <code title="">false</code> |
|
||||
| *enable_intranode_visibility* | Enable intra-node visibility to make same node pod to pod traffic visible. | <code title="">bool</code> | | <code title="">null</code> |
|
||||
| *enable_l4_ilb_subsetting* | Enable L4ILB Subsetting. | <code title="">bool</code> | | <code title="">null</code> |
|
||||
| *enable_shielded_nodes* | Enable Shielded Nodes features on all nodes in this cluster. | <code title="">bool</code> | | <code title="">null</code> |
|
||||
| *enable_tpu* | Enable Cloud TPU resources in this cluster. | <code title="">bool</code> | | <code title="">null</code> |
|
||||
| *labels* | Cluster resource labels. | <code title="map(string)">map(string)</code> | | <code title="">null</code> |
|
||||
| *logging_config* | Logging configuration (enabled components). | <code title="list(string)">list(string)</code> | | <code title="">null</code> |
|
||||
| *logging_service* | Logging service (disable with an empty string). | <code title="">string</code> | | <code title="">logging.googleapis.com/kubernetes</code> |
|
||||
| *maintenance_start_time* | Maintenance start time in RFC3339 format 'HH:MM', where HH is [00-23] and MM is [00-59] GMT. | <code title="">string</code> | | <code title="">03:00</code> |
|
||||
| *maintenance_config* | Maintenance window configuration | <code title="object({ daily_maintenance_window = object({ start_time = string }) recurring_window = object({ start_time = string end_time = string recurrence = string }) maintenance_exclusion = list(object({ exclusion_name = string start_time = string end_time = string })) })">object({...})</code> | | <code title="{ daily_maintenance_window = { start_time = "03:00" } recurring_window = null maintenance_exclusion = [] }">...</code> |
|
||||
| *master_authorized_ranges* | External Ip address ranges that can access the Kubernetes cluster master through HTTPS. | <code title="map(string)">map(string)</code> | | <code title="">{}</code> |
|
||||
| *min_master_version* | Minimum version of the master, defaults to the version of the most recent official release. | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *monitoring_config* | Monitoring configuration (enabled components). | <code title="list(string)">list(string)</code> | | <code title="">null</code> |
|
||||
| *monitoring_service* | Monitoring service (disable with an empty string). | <code title="">string</code> | | <code title="">monitoring.googleapis.com/kubernetes</code> |
|
||||
| *node_locations* | Zones in which the cluster's nodes are located. | <code title="list(string)">list(string)</code> | | <code title="">[]</code> |
|
||||
| *peering_config* | Configure peering with the master VPC for private clusters. | <code title="object({ export_routes = bool import_routes = bool project_id = string })">object({...})</code> | | <code title="">null</code> |
|
||||
|
|
|
|||
|
|
@ -39,12 +39,13 @@ resource "google_container_cluster" "cluster" {
|
|||
min_master_version = var.min_master_version
|
||||
network = var.network
|
||||
subnetwork = var.subnetwork
|
||||
logging_service = var.logging_service
|
||||
monitoring_service = var.monitoring_service
|
||||
logging_service = var.logging_config == null ? var.logging_service : null
|
||||
monitoring_service = var.monitoring_config == null ? var.monitoring_service : null
|
||||
resource_labels = var.labels
|
||||
default_max_pods_per_node = var.enable_autopilot ? null : var.default_max_pods_per_node
|
||||
enable_binary_authorization = var.enable_binary_authorization
|
||||
enable_intranode_visibility = var.enable_intranode_visibility
|
||||
enable_l4_ilb_subsetting = var.enable_l4_ilb_subsetting
|
||||
enable_shielded_nodes = var.enable_shielded_nodes
|
||||
enable_tpu = var.enable_tpu
|
||||
initial_node_count = 1
|
||||
|
|
@ -92,11 +93,34 @@ resource "google_container_cluster" "cluster" {
|
|||
services_secondary_range_name = var.secondary_range_services
|
||||
}
|
||||
|
||||
# TODO(ludomagno): make optional, and support beta feature
|
||||
# https://www.terraform.io/docs/providers/google/r/container_cluster.html#daily_maintenance_window
|
||||
maintenance_policy {
|
||||
daily_maintenance_window {
|
||||
start_time = var.maintenance_start_time
|
||||
dynamic "daily_maintenance_window" {
|
||||
for_each = var.maintenance_config != null && lookup(var.maintenance_config, "daily_maintenance_window", null) != null ? [var.maintenance_config.daily_maintenance_window] : []
|
||||
iterator = config
|
||||
content {
|
||||
start_time = config.value.start_time
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "recurring_window" {
|
||||
for_each = var.maintenance_config != null && lookup(var.maintenance_config, "recurring_window", null) != null ? [var.maintenance_config.recurring_window] : []
|
||||
iterator = config
|
||||
content {
|
||||
start_time = config.value.start_time
|
||||
end_time = config.value.end_time
|
||||
recurrence = config.value.recurrence
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "maintenance_exclusion" {
|
||||
for_each = var.maintenance_config != null && lookup(var.maintenance_config, "maintenance_exclusion", null) != null ? var.maintenance_config.maintenance_exclusion : []
|
||||
iterator = config
|
||||
content {
|
||||
exclusion_name = config.value.exclusion_name
|
||||
start_time = config.value.start_time
|
||||
end_time = config.value.end_time
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -227,6 +251,29 @@ resource "google_container_cluster" "cluster" {
|
|||
}
|
||||
}
|
||||
|
||||
dynamic "monitoring_config" {
|
||||
for_each = var.monitoring_config != null ? [""] : []
|
||||
content {
|
||||
enable_components = var.monitoring_config
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "logging_config" {
|
||||
for_each = var.logging_config != null ? [""] : []
|
||||
content {
|
||||
enable_components = var.logging_config
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "dns_config" {
|
||||
for_each = var.dns_config != null ? [var.dns_config] : []
|
||||
iterator = config
|
||||
content {
|
||||
cluster_dns = config.value.cluster_dns
|
||||
cluster_dns_scope = config.value.cluster_dns_scope
|
||||
cluster_dns_domain = config.value.cluster_dns_domain
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_compute_network_peering_routes_config" "gke_master" {
|
||||
|
|
|
|||
|
|
@ -92,6 +92,20 @@ variable "description" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "dns_config" {
|
||||
description = "Configuration for Using Cloud DNS for GKE."
|
||||
type = object({
|
||||
cluster_dns = string
|
||||
cluster_dns_scope = string
|
||||
cluster_dns_domain = string
|
||||
})
|
||||
default = {
|
||||
cluster_dns = "PROVIDER_UNSPECIFIED"
|
||||
cluster_dns_scope = "DNS_SCOPE_UNSPECIFIED"
|
||||
cluster_dns_domain = ""
|
||||
}
|
||||
}
|
||||
|
||||
variable "enable_autopilot" {
|
||||
description = "Create cluster in autopilot mode. With autopilot there's no need to create node-pools and some features are not supported (e.g. setting default_max_pods_per_node)"
|
||||
type = bool
|
||||
|
|
@ -116,6 +130,12 @@ variable "enable_intranode_visibility" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "enable_l4_ilb_subsetting" {
|
||||
description = "Enable L4ILB Subsetting."
|
||||
type = bool
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "enable_shielded_nodes" {
|
||||
description = "Enable Shielded Nodes features on all nodes in this cluster."
|
||||
type = bool
|
||||
|
|
@ -139,16 +159,42 @@ variable "location" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "logging_config" {
|
||||
description = "Logging configuration (enabled components)."
|
||||
type = list(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "logging_service" {
|
||||
description = "Logging service (disable with an empty string)."
|
||||
type = string
|
||||
default = "logging.googleapis.com/kubernetes"
|
||||
}
|
||||
|
||||
variable "maintenance_start_time" {
|
||||
description = "Maintenance start time in RFC3339 format 'HH:MM', where HH is [00-23] and MM is [00-59] GMT."
|
||||
type = string
|
||||
default = "03:00"
|
||||
variable "maintenance_config" {
|
||||
description = "Maintenance window configuration"
|
||||
type = object({
|
||||
daily_maintenance_window = object({
|
||||
start_time = string
|
||||
})
|
||||
recurring_window = object({
|
||||
start_time = string
|
||||
end_time = string
|
||||
recurrence = string
|
||||
})
|
||||
maintenance_exclusion = list(object({
|
||||
exclusion_name = string
|
||||
start_time = string
|
||||
end_time = string
|
||||
}))
|
||||
})
|
||||
default = {
|
||||
daily_maintenance_window = {
|
||||
start_time = "03:00"
|
||||
}
|
||||
recurring_window = null
|
||||
maintenance_exclusion = []
|
||||
}
|
||||
}
|
||||
|
||||
variable "master_authorized_ranges" {
|
||||
|
|
@ -163,6 +209,12 @@ variable "min_master_version" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "monitoring_config" {
|
||||
description = "Monitoring configuration (enabled components)."
|
||||
type = list(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "monitoring_service" {
|
||||
description = "Monitoring service (disable with an empty string)."
|
||||
type = string
|
||||
|
|
@ -261,4 +313,3 @@ variable "workload_identity" {
|
|||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue