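/**
 * Copyright 2023 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

locals {
  # image_type may be null (API default); coalesce gives regexall a string to
  # scan instead of failing on null.
  _image = coalesce(var.node_config.image_type, "-")
  image = {
    is_cos = length(regexall("COS", local._image)) > 0
    # A null image_type is treated as COS_CONTAINERD (assumed to be the GKE
    # default). These flags gate gcfs, gVisor and gVNIC below, which are only
    # valid on COS-based images.
    is_cos_containerd = (
      var.node_config.image_type == null ||
      length(regexall("COS_CONTAINERD", local._image)) > 0
    )
    is_win = length(regexall("WIN", local._image)) > 0
  }
  # disable-legacy-endpoints is only re-added when the caller supplies custom
  # metadata: a partial metadata map would otherwise make the provider try to
  # unset the key GKE adds by default, and the legacy metadata endpoint must
  # stay disabled. With null metadata the API default is left in place.
  node_metadata = var.node_config.metadata == null ? null : merge(
    var.node_config.metadata,
    { disable-legacy-endpoints = "true" }
  )
  # Service account resolution:
  #   create == true  -> the account created by this module
  #   create == false -> var.service_account.email as given (may be null)
  # NOTE(review): a null result means nodes run as the GCE default compute
  # service account, whose project-level grants are typically broad; pass a
  # dedicated least-privilege account instead.
  service_account_email = (
    var.service_account.create
    ? google_service_account.service_account[0].email
    : var.service_account.email
  )
  # Default OAuth scopes cover image pulls from GCS and logging/monitoring
  # writes. Scopes only narrow the token; IAM bindings on the account remain
  # the effective permission boundary.
  service_account_scopes = (
    var.service_account.oauth_scopes != null
    ? var.service_account.oauth_scopes
    : [
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
      "https://www.googleapis.com/auth/monitoring.write",
      "https://www.googleapis.com/auth/userinfo.email"
    ]
  )
  # Windows pools always carry the NoExecute OS taint so Linux-only workloads
  # are not scheduled onto them; caller taints are preserved.
  taints = merge(var.taints, !local.image.is_win ? {} : {
    "node.kubernetes.io/os" = {
      value  = "windows"
      effect = "NO_EXECUTE"
    }
  })
}

# Optional dedicated node service account, created only when
# var.service_account.create is true.
resource "google_service_account" "service_account" {
  count   = var.service_account.create ? 1 : 0
  project = var.project_id
  # Reuse the local part of a caller-supplied email as the account id,
  # otherwise derive a name from the node pool.
  account_id = (
    var.service_account.email != null
    ? split("@", var.service_account.email)[0]
    : "tf-gke-${var.name}"
  )
  display_name = "Terraform GKE ${var.cluster_name} ${var.name}."
}

resource "google_container_node_pool" "nodepool" {
  provider           = google-beta
  project            = var.project_id
  cluster            = coalesce(var.cluster_id, var.cluster_name)
  location           = var.location
  name               = var.name
  version            = var.gke_version
  max_pods_per_node  = var.max_pods_per_node
  initial_node_count = var.node_count.initial
  node_count         = var.node_count.current
  node_locations     = var.node_locations
  # placement_policy = var.nodepool_config.placement_policy

  # Per-location autoscaling limits, used unless use_total_nodes is set.
  dynamic "autoscaling" {
    for_each = (
      try(var.nodepool_config.autoscaling, null) != null &&
      !try(var.nodepool_config.autoscaling.use_total_nodes, false)
      ? [""] : []
    )
    content {
      location_policy = try(var.nodepool_config.autoscaling.location_policy, null)
      max_node_count  = try(var.nodepool_config.autoscaling.max_node_count, null)
      min_node_count  = try(var.nodepool_config.autoscaling.min_node_count, null)
    }
  }

  # Pool-wide autoscaling limits when use_total_nodes is set; the same
  # min/max inputs are reused as total_* counts.
  dynamic "autoscaling" {
    for_each = (
      try(var.nodepool_config.autoscaling.use_total_nodes, false)
      ? [""] : []
    )
    content {
      location_policy      = try(var.nodepool_config.autoscaling.location_policy, null)
      total_max_node_count = try(var.nodepool_config.autoscaling.max_node_count, null)
      total_min_node_count = try(var.nodepool_config.autoscaling.min_node_count, null)
    }
  }

  dynamic "management" {
    for_each = try(var.nodepool_config.management, null) != null ? [""] : []
    content {
      auto_repair  = try(var.nodepool_config.management.auto_repair, null)
      auto_upgrade = try(var.nodepool_config.management.auto_upgrade, null)
    }
  }

  # Pod secondary range; enable_private_nodes is per pool and left to the
  # cluster default when var.pod_range is null.
  dynamic "network_config" {
    for_each = var.pod_range != null ? [""] : []
    content {
      create_pod_range     = var.pod_range.secondary_pod_range.create
      enable_private_nodes = var.pod_range.secondary_pod_range.enable_private_nodes
      pod_ipv4_cidr_block  = var.pod_range.secondary_pod_range.cidr
      pod_range            = var.pod_range.secondary_pod_range.name
    }
  }

  dynamic "upgrade_settings" {
    for_each = try(var.nodepool_config.upgrade_settings, null) != null ? [""] : []
    content {
      max_surge       = try(var.nodepool_config.upgrade_settings.max_surge, null)
      max_unavailable = try(var.nodepool_config.upgrade_settings.max_unavailable, null)
    }
  }

  node_config {
    # CMEK for the boot disk; null keeps Google-managed encryption.
    boot_disk_kms_key = var.node_config.boot_disk_kms_key
    disk_size_gb      = var.node_config.disk_size_gb
    disk_type         = var.node_config.disk_type
    image_type        = var.node_config.image_type
    labels            = var.labels
    local_ssd_count   = var.node_config.local_ssd_count
    machine_type      = var.node_config.machine_type
    metadata          = local.node_metadata
    min_cpu_platform  = var.node_config.min_cpu_platform
    node_group        = var.sole_tenant_nodegroup
    oauth_scopes      = local.service_account_scopes
    preemptible       = var.node_config.preemptible
    service_account   = local.service_account_email
    # spot and preemptible are mutually exclusive; preemptible wins if both
    # are requested.
    spot = (
      var.node_config.spot == true && var.node_config.preemptible != true
    )
    tags = var.tags

    dynamic "ephemeral_storage_config" {
      for_each = var.node_config.ephemeral_ssd_count != null ? [""] : []
      content {
        local_ssd_count = var.node_config.ephemeral_ssd_count
      }
    }

    # Image streaming needs a COS_CONTAINERD image.
    dynamic "gcfs_config" {
      for_each = var.node_config.gcfs && local.image.is_cos_containerd ? [""] : []
      content {
        enabled = true
      }
    }

    dynamic "guest_accelerator" {
      for_each = var.node_config.guest_accelerator != null ? [""] : []
      content {
        count = var.node_config.guest_accelerator.count
        type  = var.node_config.guest_accelerator.type
        gpu_partition_size = (
          var.node_config.guest_accelerator.gpu_driver == null
          ? null
          : var.node_config.guest_accelerator.gpu_driver.partition_size
        )

        # Time-sharing is the only strategy exposed; the block is emitted only
        # when a client count is configured, so the strategy is unconditional.
        dynamic "gpu_sharing_config" {
          for_each = (
            try(var.node_config.guest_accelerator.gpu_driver.max_shared_clients_per_gpu, null) != null
            ? [""] : []
          )
          content {
            gpu_sharing_strategy       = "TIME_SHARING"
            max_shared_clients_per_gpu = var.node_config.guest_accelerator.gpu_driver.max_shared_clients_per_gpu
          }
        }

        dynamic "gpu_driver_installation_config" {
          for_each = var.node_config.guest_accelerator.gpu_driver != null ? [""] : []
          content {
            gpu_driver_version = var.node_config.guest_accelerator.gpu_driver.version
          }
        }
      }
    }

    dynamic "local_nvme_ssd_block_config" {
      for_each = coalesce(var.node_config.local_nvme_ssd_count, 0) > 0 ? [""] : []
      content {
        local_ssd_count = var.node_config.local_nvme_ssd_count
      }
    }

    # gVNIC is only configured on COS images (is_cos also matches
    # COS_CONTAINERD).
    dynamic "gvnic" {
      for_each = var.node_config.gvnic && local.image.is_cos ? [""] : []
      content {
        enabled = true
      }
    }

    # pod_pids_limit bounds fork bombs per pod; null leaves the kubelet default.
    dynamic "kubelet_config" {
      for_each = var.node_config.kubelet_config != null ? [""] : []
      content {
        cpu_manager_policy   = var.node_config.kubelet_config.cpu_manager_policy
        cpu_cfs_quota        = var.node_config.kubelet_config.cpu_cfs_quota
        cpu_cfs_quota_period = var.node_config.kubelet_config.cpu_cfs_quota_period
        pod_pids_limit       = var.node_config.kubelet_config.pod_pids_limit
      }
    }

    dynamic "linux_node_config" {
      for_each = var.node_config.linux_node_config != null ? [""] : []
      content {
        sysctls     = var.node_config.linux_node_config.sysctls
        cgroup_mode = try(var.node_config.linux_node_config.cgroup_mode, "CGROUP_MODE_UNSPECIFIED")
      }
    }

    dynamic "reservation_affinity" {
      for_each = var.reservation_affinity != null ? [""] : []
      content {
        consume_reservation_type = var.reservation_affinity.consume_reservation_type
        key                      = var.reservation_affinity.key
        values                   = var.reservation_affinity.values
      }
    }

    # gVisor sandboxing requires a COS_CONTAINERD image. is_cos_containerd is a
    # bool, so it is used directly: the previous `!= null` comparison was always
    # true and the image check never gated anything.
    dynamic "sandbox_config" {
      for_each = (
        var.node_config.sandbox_config_gvisor == true &&
        local.image.is_cos_containerd
        ? [""] : []
      )
      content {
        sandbox_type = "gvisor"
      }
    }

    # Shielded node settings are only sent when the caller provides them;
    # with null the API defaults apply (secure boot is not enabled unless
    # explicitly requested here).
    dynamic "shielded_instance_config" {
      for_each = var.node_config.shielded_instance_config != null ? [""] : []
      content {
        enable_secure_boot          = var.node_config.shielded_instance_config.enable_secure_boot
        enable_integrity_monitoring = var.node_config.shielded_instance_config.enable_integrity_monitoring
      }
    }

    dynamic "taint" {
      for_each = local.taints
      content {
        key    = taint.key
        value  = taint.value.value
        effect = taint.value.effect
      }
    }

    # Controls how pods reach instance metadata (and the node service account
    # credentials). null defers to the cluster/API default; GKE_METADATA is
    # the setting that restricts pod access to the node's identity.
    dynamic "workload_metadata_config" {
      for_each = var.node_config.workload_metadata_config_mode != null ? [""] : []
      content {
        mode = var.node_config.workload_metadata_config_mode
      }
    }
  }
}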