# GKE nodepool module

This module allows simplified creation and management of individual GKE nodepools, setting sensible defaults (eg a dedicated service account can be created for nodes by setting a single variable) and allowing for less verbose usage in most use cases.

## Example usage

### Module defaults

If no specific node configuration is set via variables, the module uses the provider's defaults, only setting OAuth scopes to a minimal working set (devstorage read-only, logging and monitoring write) and the node machine type to `n1-standard-1`. The service account set by the provider in this case is the GCE default service account. Note that the GCE default service account typically holds the project-level Editor role, so with these defaults the reduced OAuth scopes are the only thing limiting what code running on the nodes can do with its credentials; for anything beyond a quick test, pass a dedicated account via `node_service_account` or let the module create one (see below).

```hcl
module "cluster-1-nodepool-1" {
  source       = "./modules/gke-nodepool"
  project_id   = "myproject"
  cluster_name = "cluster-1"
  location     = "europe-west1-b"
  name         = "nodepool-1"
}
```

### Internally managed service account

To have the module auto-create a service account for the nodes, set the `node_service_account_create` variable to `true`. When a service account is created by the module, OAuth scopes are set to `cloud-platform` by default, so the account's effective access is governed entirely by the IAM roles granted to it rather than by scopes. The service account resource and email (in both plain and IAM formats) are then available in outputs to assign IAM roles from your own code.

```hcl
module "cluster-1-nodepool-1" {
  source                      = "./modules/gke-nodepool"
  project_id                  = "myproject"
  cluster_name                = "cluster-1"
  location                    = "europe-west1-b"
  name                        = "nodepool-1"
  node_service_account_create = true
}
# tftest:modules=1:resources=2
```

## Variables

| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| cluster_name | Cluster name. | string | ✓ | |
| location | Cluster location. | string | ✓ | |
| project_id | Cluster project id. | string | ✓ | |
| *autoscaling_config* | Optional autoscaling configuration. | object({...}) | | null |
| *gke_version* | Kubernetes nodes version. Ignored if auto_upgrade is set in management_config. | string | | null |
| *initial_node_count* | Initial number of nodes for the pool. | number | | 1 |
| *management_config* | Optional node management configuration. | object({...}) | | null |
| *max_pods_per_node* | Maximum number of pods per node. | number | | null |
| *name* | Optional nodepool name. | string | | null |
| *node_boot_disk_kms_key* | Customer Managed Encryption Key used to encrypt the boot disk attached to each node. | string | | null |
| *node_count* | Number of nodes per instance group, can be updated after creation. Ignored when autoscaling is set. | number | | null |
| *node_disk_size* | Node disk size, defaults to 100GB. | number | | 100 |
| *node_disk_type* | Node disk type, defaults to pd-standard. | string | | pd-standard |
| *node_guest_accelerator* | Map of type and count of attached accelerator cards. | map(number) | | {} |
| *node_image_type* | Nodes image type. | string | | null |
| *node_labels* | Kubernetes labels attached to nodes. | map(string) | | {} |
| *node_local_ssd_count* | Number of local SSDs attached to nodes. | number | | 0 |
| *node_locations* | Optional list of zones in which nodes should be located. Uses cluster locations if unset. | list(string) | | null |
| *node_machine_type* | Nodes machine type. | string | | n1-standard-1 |
| *node_metadata* | Metadata key/value pairs assigned to nodes. Set disable-legacy-endpoints to true when using this variable. | map(string) | | null |
| *node_min_cpu_platform* | Minimum CPU platform for nodes. | string | | null |
| *node_preemptible* | Use preemptible VMs for nodes. | bool | | null |
| *node_sandbox_config* | GKE Sandbox configuration. Needs image_type set to COS_CONTAINERD and node_version set to 1.12.7-gke.17 when using this variable. | string | | null |
| *node_service_account* | Service account email. Unused if service account is auto-created. | string | | null |
| *node_service_account_create* | Auto-create service account. | bool | | false |
| *node_service_account_scopes* | Scopes applied to service account. Defaults to 'cloud-platform' when creating a service account; 'devstorage.read_only', 'logging.write', 'monitoring.write' otherwise. | list(string) | | [] |
| *node_shielded_instance_config* | Shielded instance options. | object({...}) | | null |
| *node_tags* | Network tags applied to nodes. | list(string) | | null |
| *node_taints* | Kubernetes taints applied to nodes. E.g. type=blue:NoSchedule | list(string) | | [] |
| *upgrade_config* | Optional node upgrade configuration. | object({...}) | | null |
| *workload_metadata_config* | Metadata configuration to expose to workloads on the node pool. | string | | GKE_METADATA_SERVER |

## Outputs

| name | description | sensitive |
|---|---|:---:|
| name | Nodepool name. | |
| service_account | Service account resource. | |
| service_account_email | Service account email. | |
| service_account_iam_email | Service account email in IAM format (`serviceAccount:` prefixed). | |
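The "Internally managed service account" section above leaves the IAM bindings for the auto-created account to the caller. The following is an added example, not code from this module or its repository: it wires the module's `service_account_iam_email` output into `google_project_iam_member` with the narrow set of roles a GKE node account needs for logging, monitoring and image pulls, and sets the hardening-related variables from the table (`node_metadata`, `node_shielded_instance_config`, `workload_metadata_config`). The project id, module label and role list are illustrative, and the field names inside `node_shielded_instance_config` are assumed to mirror the provider's `shielded_instance_config` block; `terraform validate` will reject them if the module's object type differs.

```hcl
# Added example (not part of the module): nodepool with a module-created
# service account, hardened node options and least-privilege IAM bindings
# on the account exposed through the module outputs.

locals {
  # Roles a GKE node account needs for logging, monitoring and image pulls.
  # Compare with the project-level Editor role the GCE default account
  # usually holds when the module is used with its defaults.
  node_sa_roles = [
    "roles/logging.logWriter",
    "roles/monitoring.metricWriter",
    "roles/monitoring.viewer",
    "roles/stackdriver.resourceMetadata.writer",
    "roles/artifactregistry.reader",
  ]
}

module "cluster-1-nodepool-1" {
  source                      = "./modules/gke-nodepool"
  project_id                  = "myproject"
  cluster_name                = "cluster-1"
  location                    = "europe-west1-b"
  name                        = "nodepool-1"
  node_service_account_create = true
  # Scopes default to cloud-platform for a module-created account, so the
  # IAM bindings below are what actually bound the nodes' access.
  node_metadata = {
    disable-legacy-endpoints = "true"
  }
  # Explicit here although it is already the module default: GKE metadata
  # server keeps the node credentials away from pods (Workload Identity).
  workload_metadata_config = "GKE_METADATA_SERVER"
  # Field names assumed to mirror the provider's shielded_instance_config.
  node_shielded_instance_config = {
    enable_secure_boot          = true
    enable_integrity_monitoring = true
  }
}

# Bind only the roles listed above to the account the module created. The
# IAM-formatted output already carries the "serviceAccount:" prefix, so no
# string is hand-built here.
resource "google_project_iam_member" "nodepool_sa" {
  for_each = toset(local.node_sa_roles)
  project  = "myproject"
  role     = each.key
  member   = module.cluster-1-nodepool-1.service_account_iam_email
}
```

`google_project_iam_member` is additive, so these bindings coexist with whatever else the project grants; after `terraform apply`, check the account's effective roles with `gcloud projects get-iam-policy myproject --flatten="bindings[].members" --filter="bindings.members:<service_account_email output>"` to confirm nothing broader (for example an Editor grant inherited from the folder) is still attached.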