# GKE nodepool module

This module allows simplified creation and management of individual GKE nodepools, setting sensible defaults (e.g. a service account is created for nodes if none is set) and allowing for less verbose usage in most use cases.

## Example usage

### Module defaults

If no specific node configuration is set via variables, the module uses the provider's defaults, only setting OAuth scopes to a minimal working set and the node machine type to `n1-standard-1`. The service account set by the provider in this case is the GCE default service account.

```hcl
module "cluster-1-nodepool-1" {
  source       = "./fabric/modules/gke-nodepool"
  project_id   = "myproject"
  cluster_name = "cluster-1"
  location     = "europe-west1-b"
  name         = "nodepool-1"
}
# tftest modules=1 resources=1
```

### Internally managed service account

There are three different approaches to defining the nodes service account, all depending on the `service_account` variable, where the `create` attribute controls creation of a new service account by this module and the `email` attribute controls the actual service account to use.

If you create a new service account, its resource and email (in both plain and IAM formats) are then available in outputs to reference it in other modules or resources.

#### GCE default service account

To use the GCE default service account, you can ignore the variable, which is equivalent to `{ create = null, email = null }`.

```hcl
module "cluster-1-nodepool-1" {
  source       = "./fabric/modules/gke-nodepool"
  project_id   = "myproject"
  cluster_name = "cluster-1"
  location     = "europe-west1-b"
  name         = "nodepool-1"
}
# tftest modules=1 resources=1
```

#### Externally defined service account

To use an existing service account, pass in just the `email` attribute.

```hcl
module "cluster-1-nodepool-1" {
  source       = "./fabric/modules/gke-nodepool"
  project_id   = "myproject"
  cluster_name = "cluster-1"
  location     = "europe-west1-b"
  name         = "nodepool-1"
  service_account = {
    email = "foo-bar@myproject.iam.gserviceaccount.com"
  }
}
# tftest modules=1 resources=1
```

#### Auto-created service account

To have the module create a service account, set the `create` attribute to `true` and optionally pass the desired account id in `email`.

```hcl
module "cluster-1-nodepool-1" {
  source       = "./fabric/modules/gke-nodepool"
  project_id   = "myproject"
  cluster_name = "cluster-1"
  location     = "europe-west1-b"
  name         = "nodepool-1"
  service_account = {
    create = true
    # optional
    email = "spam-eggs"
  }
}
# tftest modules=1 resources=2
```

## Variables

| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [cluster_name](variables.tf#L23) | Cluster name. | string | ✓ | |
| [location](variables.tf#L41) | Cluster location. | string | ✓ | |
| [project_id](variables.tf#L149) | Cluster project id. | string | ✓ | |
| [cluster_id](variables.tf#L17) | Cluster id. Optional, but providing cluster_id is recommended to prevent cluster misconfiguration in some of the edge cases. | string | | null |
| [gke_version](variables.tf#L28) | Kubernetes nodes version. Ignored if auto_upgrade is set in management_config. | string | | null |
| [labels](variables.tf#L34) | Kubernetes labels applied to each node. | map(string) | | {} |
| [max_pods_per_node](variables.tf#L46) | Maximum number of pods per node. | number | | null |
| [name](variables.tf#L52) | Optional nodepool name. | string | | null |
| [node_config](variables.tf#L58) | Node-level configuration. | object({…}) | | {…} |
| [node_count](variables.tf#L97) | Number of nodes per instance group. Initial value can only be changed by recreation, current is ignored when autoscaling is used. | object({…}) | | {…} |
| [node_locations](variables.tf#L109) | Node locations. | list(string) | | null |
| [nodepool_config](variables.tf#L115) | Nodepool-level configuration. | object({…}) | | null |
| [pod_range](variables.tf#L137) | Pod secondary range configuration. | object({…}) | | null |
| [reservation_affinity](variables.tf#L154) | Configuration of the desired reservation which instances could take capacity from. | object({…}) | | null |
| [service_account](variables.tf#L164) | Nodepool service account. If this variable is set to null, the default GCE service account will be used. If set and email is null, a service account will be created. If scopes are null a default will be used. | object({…}) | | {} |
| [sole_tenant_nodegroup](variables.tf#L175) | Sole tenant node group. | string | | null |
| [tags](variables.tf#L181) | Network tags applied to nodes. | list(string) | | null |
| [taints](variables.tf#L187) | Kubernetes taints applied to all nodes. | list(object({…})) | | null |

## Outputs

| name | description | sensitive |
|---|---|:---:|
| [name](outputs.tf#L17) | Nodepool name. | |
| [service_account_email](outputs.tf#L22) | Service account email. | |
| [service_account_iam_email](outputs.tf#L27) | Service account email. | |
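
The following is an added example, not part of the module's own documentation: it shows the `service_account_iam_email` output of an auto-created node service account being used to grant that account a small, explicit set of project roles. The role list, the `nodepool_sa_roles` local and the `nodepool-sa` resource name are assumptions of this example, and it assumes the module itself grants no project roles to the account it creates.

```hcl
# Added example: dedicated node service account with an explicit role set.
module "cluster-1-nodepool-1" {
  source       = "./fabric/modules/gke-nodepool"
  project_id   = "myproject"
  cluster_name = "cluster-1"
  location     = "europe-west1-b"
  name         = "nodepool-1"
  service_account = {
    # Create a dedicated account instead of falling back to the
    # GCE default service account.
    create = true
    email  = "spam-eggs"
  }
}

locals {
  # Assumed role set: what nodes need to ship logs and metrics.
  # Add roles/artifactregistry.reader only if nodes pull private images.
  nodepool_sa_roles = [
    "roles/logging.logWriter",
    "roles/monitoring.metricWriter",
    "roles/monitoring.viewer",
    "roles/stackdriver.resourceMetadata.writer",
  ]
}

# One additive binding per role; the member string comes from the
# module output that is already in IAM format.
resource "google_project_iam_member" "nodepool-sa" {
  for_each = toset(local.nodepool_sa_roles)
  project  = "myproject"
  role     = each.value
  member   = module.cluster-1-nodepool-1.service_account_iam_email
}
```

Reviewing the plan for this configuration should show exactly one new service account and one `google_project_iam_member` per listed role, which makes any later widening of the node identity's permissions visible in code review.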