# GKE Multitenant Module

TODO: add brief explanation and refer back to dev folder?


This is an example that shows the use of the above variables:

```hcl
# the `cluster_defaults` variable defaults are used and not shown here
clusters = {
  "gke-00" = {
    cluster_autoscaling = null
    description         = "gke-00"
    dns_domain          = null
    location            = "europe-west1"
    labels              = {}
    net = {
      master_range = "172.17.16.0/28"
      pods         = "pods"
      services     = "services"
      subnet       = local.vpc.subnet_self_links["europe-west3/gke-dev-0"]
    }
    overrides = null
  }
  "gke-01" = {
    cluster_autoscaling = null
    description         = "gke-01"
    dns_domain          = null
    location            = "europe-west3"
    labels              = {}
    net = {
      master_range = "172.17.17.0/28"
      pods         = "pods"
      services     = "services"
      subnet       = local.vpc.subnet_self_links["europe-west3/gke-dev-0"]
    }
    overrides = {
      cloudrun_config                 = false
      database_encryption_key         = null
      gcp_filestore_csi_driver_config = true
      master_authorized_ranges = {
        rfc1918_1 = "10.0.0.0/8"
      }
      max_pods_per_node        = 64
      pod_security_policy      = true
      release_channel          = "STABLE"
      vertical_pod_autoscaling = false
    }
  }
}
nodepools = {
  "gke-0" = {
    "gke-00-000" = {
      initial_node_count = 1
      node_count         = 1
      node_type          = "n2-standard-4"
      overrides          = null
      spot               = false
    }
  }
  "gke-1" = {
    "gke-01-000" = {
      initial_node_count = 1
      node_count         = 1
      node_type          = "n2-standard-4"
      overrides = {
        image_type        = "UBUNTU_CONTAINERD"
        max_pods_per_node = 64
        node_locations    = []
        node_tags         = []
        node_taints       = []
      }
      spot = true
    }
  }
}
```

```hcl
fleet_configmanagement_templates = {
  default = {
    binauthz = false
    config_sync = {
      git = {
        gcp_service_account_email = null
        https_proxy               = null
        policy_dir                = "configsync"
        secret_type               = "none"
        source_format             = "hierarchy"
        sync_branch               = "main"
        sync_repo                 = "https://github.com/.../..."
        sync_rev                  = null
        sync_wait_secs            = null
      }
      prevent_drift = true
      source_format = "hierarchy"
    }
    hierarchy_controller = null
    policy_controller    = null
    version              = "1.10.2"
  }
}
fleet_configmanagement_clusters = {
  default = ["gke-1", "gke-2"]
}
fleet_features = {
  appdevexperience             = false
  configmanagement             = false
  identityservice              = false
  multiclusteringress          = "gke-1"
  multiclusterservicediscovery = true
  servicemesh                  = false
}
```

## Files

| name | description | modules |
|---|---|---|
| [gke-clusters.tf](./gke-clusters.tf) | None | gke-cluster |
| [gke-hub.tf](./gke-hub.tf) | None | gke-hub |
| [gke-nodepools.tf](./gke-nodepools.tf) | None | gke-nodepool |
| [main.tf](./main.tf) | Module-level locals and resources. | bigquery-dataset · project |
| [outputs.tf](./outputs.tf) | Output variables. |  |
| [variables.tf](./variables.tf) | Module variables. |  |

## Variables

| name | description | type | required | default | producer |
|---|---|:---:|:---:|:---:|:---:|
| [billing_account_id](variables.tf#L27) | Billing account id. | string | ✓ |  |  |
| [clusters](variables.tf#L61) |  | map(object({…})) | ✓ |  |  |
| [folder_id](variables.tf#L163) | Folder used for the GKE project in folders/nnnnnnnnnnn format. | string | ✓ |  |  |
| [nodepools](variables.tf#L206) |  | map(map(object({…}))) | ✓ |  |  |
| [prefix](variables.tf#L236) | Prefix used for resources that need unique names. | string | ✓ |  |  |
| [project_id](variables.tf#L241) | ID of the project that will contain all the clusters. | string | ✓ |  |  |
| [vpc_config](variables.tf#L253) | Shared VPC project and VPC details. | object({…}) | ✓ |  |  |
| [authenticator_security_group](variables.tf#L21) | Optional group used for Groups for GKE. | string |  | null |  |
| [cluster_defaults](variables.tf#L32) | Default values for optional cluster configurations. | object({…}) |  | {…} |  |
| [dns_domain](variables.tf#L94) | Domain name used for clusters, prefixed by each cluster name. Leave null to disable Cloud DNS for GKE. | string |  | null |  |
| [fleet_configmanagement_clusters](variables.tf#L100) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | map(list(string)) |  | {} |  |
| [fleet_configmanagement_templates](variables.tf#L108) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | map(object({…})) |  | {} |  |
| [fleet_features](variables.tf#L143) | Enable and configure fleet features. Set to null to disable GKE Hub if fleet workload identity is not used. | object({…}) |  | null |  |
| [fleet_workload_identity](variables.tf#L156) | Use Fleet Workload Identity for clusters. Enables GKE Hub if set to true. | bool |  | true |  |
| [group_iam](variables.tf#L168) | Project-level IAM bindings for groups. Use group emails as keys, list of roles as values. | map(list(string)) |  | {} |  |
| [iam](variables.tf#L175) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | map(list(string)) |  | {} |  |
| [labels](variables.tf#L182) | Project-level labels. | map(string) |  | {} |  |
| [nodepool_defaults](variables.tf#L188) |  | object({…}) |  | {…} |  |
| [peering_config](variables.tf#L223) | Configure peering with the control plane VPC. Requires compute.networks.updatePeering. Set to null if you don't want to update the default peering configuration. | object({…}) |  | {…} |  |
| [project_services](variables.tf#L246) | Additional project services to enable. | list(string) |  | [] |  |

## Outputs

| name | description | sensitive | consumers |
|---|---|:---:|---|
| [cluster_ids](outputs.tf#L22) | Cluster ids. |  |  |
| [clusters](outputs.tf#L17) | Cluster resources. |  |  |
| [project_id](outputs.tf#L29) | GKE project id. |  |  |