# GKE hub module
|
|
|
|
This module allows simplified creation and management of a GKE Hub object and its features for a given set of clusters. The given list of clusters will be registered inside the Hub and all the configured features will be activated.
|
|
|
|
To use this module you must ensure the following APIs are enabled in the target project:
|
|
```
|
|
"gkehub.googleapis.com"
|
|
"gkeconnect.googleapis.com"
|
|
"anthosconfigmanagement.googleapis.com"
|
|
"multiclusteringress.googleapis.com"
|
|
"multiclusterservicediscovery.googleapis.com"
|
|
```
|
|
|
|
## Full GKE Hub example
|
|
|
|
```hcl
|
|
# Project hosting the cluster and the hub. `services` enables the APIs listed
# as prerequisites for this module, plus container.googleapis.com for GKE.
module "project" {
  source          = "./modules/project"
  name            = "gkehub-test"
  parent          = "folders/12345"
  billing_account = var.billing_account_id
  services = [
    "container.googleapis.com",
    "gkehub.googleapis.com",
    "gkeconnect.googleapis.com",
    "anthosconfigmanagement.googleapis.com",
    "multiclusteringress.googleapis.com",
    "multiclusterservicediscovery.googleapis.com",
  ]
}
|
|
|
|
# Network for the example: a single subnet in europe-west1 carrying the two
# named secondary ranges ("pods", "services") that the cluster refers to.
module "vpc" {
  source     = "./modules/net-vpc"
  project_id = module.project.project_id
  name       = "network"
  subnets = [{
    name          = "cluster-1"
    region        = "europe-west1"
    ip_cidr_range = "10.0.0.0/24"
    secondary_ip_range = {
      pods     = "10.1.0.0/16"
      services = "10.2.0.0/24"
    }
  }]
}
|
|
|
|
# Private zonal cluster registered with the hub further down.
module "cluster-1" {
  source     = "./modules/gke-cluster"
  project_id = module.project.project_id
  name       = "cluster-1"
  location   = "europe-west1-b"

  # Networking: the secondary range names must match those declared on the
  # "europe-west1/cluster-1" subnet.
  network                  = module.vpc.self_link
  subnetwork               = module.vpc.subnet_self_links["europe-west1/cluster-1"]
  secondary_range_pods     = "pods"
  secondary_range_services = "services"
  enable_dataplane_v2      = true

  # Control-plane exposure: nodes and the API endpoint are both private, and
  # the endpoint is not reachable from other regions.
  private_cluster_config = {
    enable_private_nodes    = true
    enable_private_endpoint = true
    master_ipv4_cidr_block  = "192.168.0.0/28"
    master_global_access    = false
  }

  # NOTE(review): 10.0.0.0/8 authorizes every 10.x source that can route to
  # the endpoint, including the 10.1.0.0/16 pod range above. Outside of a
  # demo, list only the subnets that need to reach the Kubernetes API.
  master_authorized_ranges = { rfc1918_10_8 = "10.0.0.0/8" }
}
|
|
|
|
# Registers cluster-1 in the hub and configures the configmanagement feature
# (Config Sync plus Binary Authorization) for the member clusters.
module "hub" {
  source     = "./modules/gke-hub"
  project_id = module.project.project_id
  member_clusters = {
    cluster1 = module.cluster-1.id
  }
  member_features = {
    configmanagement = {
      version  = "1.10.2"
      binauthz = true

      # Optional components left disabled in this example.
      hierarchy_controller = null
      policy_controller    = null

      config_sync = {
        # NOTE(review): the repository below is the source of truth for what
        # gets applied to the cluster. With sync_branch = "main" and
        # sync_rev = null the cluster follows the branch head, so anyone able
        # to push there can change cluster state. In real use, point this at
        # a repository you control and set sync_rev to a reviewed tag or
        # commit.
        sync_repo     = "https://github.com/danielmarzini/configsync-platform-example"
        sync_branch   = "main"
        sync_rev      = null
        policy_dir    = "configsync"
        source_format = "hierarchy"

        # secret_type = "none" means the repo is read without credentials,
        # which only works for a publicly readable repository; a private
        # repo needs one of the authenticated secret types instead.
        secret_type               = "none"
        gcp_service_account_email = null
        https_proxy               = null
      }
    }
  }
}
|
|
|
|
# tftest modules=4 resources=13
|
|
```
|
|
<!-- BEGIN TFDOC -->
|
|
|
|
## Variables
|
|
|
|
| name | description | type | required | default |
|
|
|---|---|:---:|:---:|:---:|
|
|
| [project_id](variables.tf#L75) | GKE hub project ID. | <code>string</code> | ✓ | |
|
|
| [features](variables.tf#L17) | GKE hub features to enable. | <code title="object({ configmanagement = bool mc_ingress = bool mc_servicediscovery = bool })">object({…})</code> | | <code title="{ configmanagement = true mc_ingress = false mc_servicediscovery = false }">{…}</code> |
|
|
| [member_clusters](variables.tf#L32) | List for member cluster self links. | <code>map(string)</code> | | <code>{}</code> |
|
|
| [member_features](variables.tf#L39) | Member features for each cluster | <code title="object({ configmanagement = object({ binauthz = bool config_sync = object({ gcp_service_account_email = string https_proxy = string policy_dir = string secret_type = string source_format = string sync_branch = string sync_repo = string sync_rev = string }) hierarchy_controller = object({ enable_hierarchical_resource_quota = bool enable_pod_tree_labels = bool }) policy_controller = object({ exemptable_namespaces = list(string) log_denies_enabled = bool referential_rules_enabled = bool template_library_installed = bool }) version = string }) })">object({…})</code> | | <code title="{ configmanagement = null }">{…}</code> |
|
|
|
|
## Outputs
|
|
|
|
| name | description | sensitive |
|
|
|---|---|:---:|
|
|
| [cluster_ids](outputs.tf#L17) | | |
|
|
|
|
<!-- END TFDOC -->
|