cloud-foundation-fabric/modules/gke-hub
Ludovico Magnocavallo ab646f38ed
Bump provider versions to >= 4.17.0, terraform to >= 1.1.0 (#634)
* bump provider versions to >= 4.17.0, terraform to >= 1.1.0

* bump terraform version in lint check, edit CHANGELOG
2022-04-17 13:55:40 +02:00
README.md Add GKE Hub module to fabric (#540) 2022-02-28 12:40:48 +01:00
main.tf Add GKE Hub module to fabric (#540) 2022-02-28 12:40:48 +01:00
outputs.tf Add GKE Hub module to fabric (#540) 2022-02-28 12:40:48 +01:00
variables.tf Add GKE Hub module to fabric (#540) 2022-02-28 12:40:48 +01:00
versions.tf Bump provider versions to >= 4.17.0, terraform to >= 1.1.0 (#634) 2022-04-17 13:55:40 +02:00

README.md

GKE hub module

This module allows simplified creation and management of a GKE Hub object and its features for a given set of clusters. The given list of clusters will be registered inside the Hub and all the configured features will be activated.

To use this module you must ensure the following APIs are enabled in the target project:

"gkehub.googleapis.com"
"gkeconnect.googleapis.com"
"anthosconfigmanagement.googleapis.com"
"multiclusteringress.googleapis.com"
"multiclusterservicediscovery.googleapis.com"
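
A pre-flight check for the API requirement above, as an added example that is not part of the module or its README. The function names `missing_apis` and `check_project` and the sample service list are assumptions made for this example; the five API names are the ones listed above.

```shell
#!/bin/sh
# Added example: report which of the APIs required by this module are not
# enabled in a project, before running terraform apply.

# The five services named in the README.
REQUIRED_APIS="gkehub.googleapis.com
gkeconnect.googleapis.com
anthosconfigmanagement.googleapis.com
multiclusteringress.googleapis.com
multiclusterservicediscovery.googleapis.com"

# missing_apis: reads enabled service names on stdin, one per line (the shape
# printed by `gcloud services list --enabled --format='value(config.name)'`),
# and prints every required API that is absent. Returns 1 if any is missing.
missing_apis() {
  local enabled api rc
  rc=0
  # Normalise input: drop CRs, surrounding whitespace and blank lines.
  enabled="$(tr -d '\r' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d')"
  for api in $REQUIRED_APIS; do
    # -x matches the whole line and -F treats the name as a fixed string, so a
    # longer service name cannot satisfy the check and dots are not wildcards.
    if ! printf '%s\n' "$enabled" | grep -qxF -- "$api"; then
      printf '%s\n' "$api"
      rc=1
    fi
  done
  return "$rc"
}

# check_project: runs the check against a live project ID passed as $1.
# Returns 2 when gcloud itself fails, so a failed lookup (bad credentials,
# wrong project) is not misreported as "all APIs missing".
check_project() {
  local enabled
  enabled="$(gcloud services list --enabled --project "$1" \
    --format='value(config.name)')" || return 2
  printf '%s\n' "$enabled" | missing_apis
}

# Constructed sample input: a project with only three of the five enabled.
SAMPLE_ENABLED="container.googleapis.com
gkehub.googleapis.com
gkeconnect.googleapis.com
multiclusteringress.googleapis.com"
```

Run `check_project <project-id>` against a real project; an empty result with exit status 0 means all five APIs are enabled.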

Full GKE Hub example

module "project" {
  source          = "./modules/project"
  billing_account = var.billing_account_id
  name            = "gkehub-test"
  parent          = "folders/12345"
  services = [
    "container.googleapis.com",
    "gkehub.googleapis.com",
    "gkeconnect.googleapis.com",
    "anthosconfigmanagement.googleapis.com",
    "multiclusteringress.googleapis.com",
    "multiclusterservicediscovery.googleapis.com",
  ]
}

module "vpc" {
  source     = "./modules/net-vpc"
  project_id = module.project.project_id
  name       = "network"
  subnets = [{
    ip_cidr_range = "10.0.0.0/24"
    name          = "cluster-1"
    region        = "europe-west1"
    secondary_ip_range = {
      pods     = "10.1.0.0/16"
      services = "10.2.0.0/24"
    }
  }]
}

module "cluster-1" {
  source                   = "./modules/gke-cluster"
  project_id               = module.project.project_id
  name                     = "cluster-1"
  location                 = "europe-west1-b"
  network                  = module.vpc.self_link
  subnetwork               = module.vpc.subnet_self_links["europe-west1/cluster-1"]
  secondary_range_pods     = "pods"
  secondary_range_services = "services"
  enable_dataplane_v2      = true
  master_authorized_ranges = { rfc1918_10_8 = "10.0.0.0/8" }
  private_cluster_config = {
    enable_private_nodes    = true
    enable_private_endpoint = true
    master_ipv4_cidr_block  = "192.168.0.0/28"
    master_global_access    = false
  }
}

module "hub" {
  source     = "./modules/gke-hub"
  project_id = module.project.project_id
  member_clusters = {
    cluster1 = module.cluster-1.id
  }
  member_features = {
    configmanagement = {
      binauthz = true
      config_sync = {
        gcp_service_account_email = null
        https_proxy               = null
        policy_dir                = "configsync"
        secret_type               = "none"
        source_format             = "hierarchy"
        sync_branch               = "main"
        sync_repo                 = "https://github.com/danielmarzini/configsync-platform-example"
        sync_rev                  = null
      }
      hierarchy_controller = null
      policy_controller    = null
      version              = "1.10.2"
    }
  }
}

# tftest modules=4 resources=13

Variables

| name | description | type | required | default |
|---|---|---|---|---|
| project_id | GKE hub project ID. | string | | |
| features | GKE hub features to enable. | object({…}) | | {…} |
| member_clusters | List for member cluster self links. | map(string) | | {} |
| member_features | Member features for each cluster | object({…}) | | {…} |

Outputs

| name | description | sensitive |
|---|---|---|
| cluster_ids | | |