# GKE cluster module

This module allows simplified creation and management of GKE clusters and should be used together with the GKE nodepool module, as the default nodepool is turned off here and cannot be re-enabled. Some sensible defaults are set initially, in order to allow less verbose usage for most use cases.

## Example

```hcl
module "cluster-1" {
  source                    = "./modules/gke-cluster"
  project_id                = "myproject"
  name                      = "cluster-1"
  location                  = "europe-west1-b"
  network                   = var.vpc.self_link
  subnetwork                = var.subnet.self_link
  secondary_range_pods      = "pods"
  secondary_range_services  = "services"
  default_max_pods_per_node = 32
  master_authorized_ranges = {
    internal-vms = "10.0.0.0/8"
  }
  private_cluster_config = {
    enable_private_nodes    = true
    enable_private_endpoint = true
    master_ipv4_cidr_block  = "192.168.0.0/28"
  }
  labels = {
    environment = "dev"
  }
}
# tftest:modules=1:resources=1
```

## Variables

| name | description | type | required | default |
|---|---|:---: |:---:|:---:|
| location | Cluster zone or region. | string | ✓ | |
| name | Cluster name. | string | ✓ | |
| network | Name or self link of the VPC used for the cluster. Use the self link for Shared VPC. | string | ✓ | |
| project_id | Cluster project id. | string | ✓ | |
| secondary_range_pods | Subnet secondary range name used for pods. | string | ✓ | |
| secondary_range_services | Subnet secondary range name used for services. | string | ✓ | |
| subnetwork | VPC subnetwork name or self link. | string | ✓ | |
| *addons* | Addons enabled in the cluster (true means enabled). | object({...}) | | ... |
| *authenticator_security_group* | RBAC security group for Google Groups for GKE, format is gke-security-groups@yourdomain.com. | string | | null |
| *cluster_autoscaling* | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | object({...}) | | ... |
| *database_encryption* | Enable and configure GKE application-layer secrets encryption. | object({...}) | | ... |
| *default_max_pods_per_node* | Maximum number of pods per node in this cluster. | number | | 110 |
| *description* | Cluster description. | string | | null |
| *enable_binary_authorization* | Enable Google Binary Authorization. | bool | | null |
| *enable_intranode_visibility* | Enable intra-node visibility to make same-node pod-to-pod traffic visible. | bool | | null |
| *enable_shielded_nodes* | Enable Shielded Nodes features on all nodes in this cluster. | bool | | null |
| *enable_tpu* | Enable Cloud TPU resources in this cluster. | bool | | null |
| *labels* | Cluster resource labels. | map(string) | | null |
| *logging_service* | Logging service (disable with an empty string). | string | | logging.googleapis.com/kubernetes |
| *maintenance_start_time* | Maintenance start time in RFC3339 format 'HH:MM', where HH is [00-23] and MM is [00-59] GMT. | string | | 03:00 |
| *master_authorized_ranges* | External IP address ranges that can access the Kubernetes cluster master through HTTPS. | map(string) | | {} |
| *min_master_version* | Minimum version of the master, defaults to the version of the most recent official release. | string | | null |
| *monitoring_service* | Monitoring service (disable with an empty string). | string | | monitoring.googleapis.com/kubernetes |
| *node_locations* | Zones in which the cluster's nodes are located. | list(string) | | [] |
| *peering_config* | Configure peering with the master VPC for private clusters. | object({...}) | | null |
| *pod_security_policy* | Enable the PodSecurityPolicy feature. | bool | | null |
| *private_cluster_config* | Enable and configure a private cluster; private nodes must be true if used. | object({...}) | | null |
| *release_channel* | Release channel for GKE upgrades. | string | | null |
| *resource_usage_export_config* | Configure the ResourceUsageExportConfig feature. | object({...}) | | ... |
| *vertical_pod_autoscaling* | Enable the Vertical Pod Autoscaling feature. | bool | | null |
| *workload_identity* | Enable the Workload Identity feature. | bool | | true |

## Outputs

| name | description | sensitive |
|---|---|:---:|
| ca_certificate | Public certificate of the cluster (base64-encoded). | ✓ |
| cluster | Cluster resource. | ✓ |
| endpoint | Cluster endpoint. | |
| location | Cluster location. | |
| master_version | Master version. | |
| name | Cluster name. | |
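The following invocation is an added example, not one of the module's own, showing the variables from the table above that matter most for a hardened cluster, with the module defaults noted where they are weaker than the value set here. The project id, CIDR ranges, group address and the `var.vpc`/`var.subnet` references are placeholders.

```hcl
module "cluster-hardened" {
  source                   = "./modules/gke-cluster"
  project_id               = "myproject"        # placeholder project id
  name                     = "cluster-hardened"
  location                 = "europe-west1"     # regional control plane
  network                  = var.vpc.self_link  # placeholder reference
  subnetwork               = var.subnet.self_link
  secondary_range_pods     = "pods"
  secondary_range_services = "services"

  # Keep nodes and the API endpoint off the public internet. With a private
  # endpoint, kubectl must come from a network that can reach the master range,
  # so master_ipv4_cidr_block must not overlap any subnet or peered range.
  private_cluster_config = {
    enable_private_nodes    = true
    enable_private_endpoint = true
    master_ipv4_cidr_block  = "192.168.0.0/28"  # constructed value
  }

  # Module default is {}: nothing reaches the master over HTTPS until a range
  # is listed here. Prefer a small admin subnet over a whole /8.
  master_authorized_ranges = {
    admin-subnet = "10.10.0.0/24"  # constructed value
  }

  # Module default is null (provider default); set explicitly so the node
  # integrity features (secure boot, integrity monitoring) are enforced.
  enable_shielded_nodes = true

  # Module default is null; true enforces the project's Binary Authorization
  # policy on images admitted to this cluster.
  enable_binary_authorization = true

  # Module default is already true; stated so a reviewer sees it is intended.
  workload_identity = true

  # Module default is null (no channel); a channel keeps the control plane and
  # nodes on a managed upgrade cadence. Valid values: RAPID, REGULAR, STABLE.
  release_channel = "REGULAR"

  # Module default is null; binds RBAC to a Google Group, placeholder domain.
  authenticator_security_group = "gke-security-groups@example.com"

  # Module default is null; true makes same-node pod-to-pod traffic visible to
  # VPC flow logs and firewall logging for detection.
  enable_intranode_visibility = true

  labels = { environment = "prod" }
}
```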