/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
locals {
  # Per-cluster configuration keyed by cluster name: each entry of
  # var.clusters is kept as supplied, except that `overrides` is resolved to
  # the cluster's own object when set and to var.cluster_defaults otherwise.
  #
  # NOTE(review): coalesce() selects one whole object; it does not merge
  # attribute by attribute. The security-relevant settings read from
  # `overrides` by the cluster module call (master_authorized_ranges,
  # database_encryption_key, pod_security_policy) therefore come entirely from
  # whichever object wins. Confirm the variable type fills attributes a
  # cluster-level override leaves out.
  clusters = {
    for cluster_name, cluster in var.clusters :
    cluster_name => merge(cluster, {
      overrides = coalesce(cluster.overrides, var.cluster_defaults)
    })
  }
}
# One GKE cluster per entry in local.clusters, all created in the project
# exposed by module.gke-project-0. Settings fall into three groups: values
# taken from the cluster entry itself, values fixed for every cluster, and
# values read from the resolved `overrides` object.
module "gke-cluster" {
  source   = "../../../modules/gke-cluster"
  for_each = local.clusters

  # Identity and placement.
  name        = each.key
  project_id  = module.gke-project-0.project_id
  description = each.value.description
  location    = each.value.location
  labels      = each.value.labels

  # Networking: shared VPC network plus the per-cluster subnet and secondary
  # ranges.
  network                  = var.vpc_config.vpc_self_link
  subnetwork               = each.value.net.subnet
  secondary_range_pods     = each.value.net.pods
  secondary_range_services = each.value.net.services

  addons = {
    cloudrun_config                       = each.value.overrides.cloudrun_config
    gcp_filestore_csi_driver_config       = each.value.overrides.gcp_filestore_csi_driver_config
    config_connector_config               = true
    dns_cache_config                      = true
    gce_persistent_disk_csi_driver_config = true
    horizontal_pod_autoscaling            = true
    http_load_balancing                   = true
    gke_backup_agent_config               = false
    kalm_config                           = false
    istio_config = {
      enabled = false
      tls     = false
    }
    # enable only if enable_dataplane_v2 is changed to false below
    # (Dataplane V2 provides its own NetworkPolicy enforcement, so the
    # separate addon stays off while it is enabled.)
    network_policy_config = false
  }

  # change these here for all clusters if absolutely needed
  authenticator_security_group = var.authenticator_security_group
  enable_dataplane_v2          = true
  enable_l4_ilb_subsetting     = false
  # Hardening defaults applied to every cluster: intranode visibility,
  # Shielded GKE Nodes and Workload Identity are all switched on.
  enable_intranode_visibility = true
  enable_shielded_nodes       = true
  workload_identity           = true
  # Nodes are private, but enable_private_endpoint = false leaves the control
  # plane's public endpoint in place. Access to it then depends on
  # master_authorized_ranges, which is read from `overrides` further down.
  private_cluster_config = {
    enable_private_nodes    = true
    enable_private_endpoint = false
    master_ipv4_cidr_block  = each.value.net.master_range
    master_global_access    = true
  }

  # NOTE(review): the condition tests the per-cluster each.value.dns_domain,
  # but the domain is built from var.dns_domain. If those can be set
  # independently, a null var.dns_domain would reach the template here.
  # Confirm against the variable definitions which of the two is intended.
  dns_config = each.value.dns_domain == null ? null : {
    cluster_dns        = "CLOUD_DNS"
    cluster_dns_scope  = "VPC_SCOPE"
    cluster_dns_domain = "${each.key}.${var.dns_domain}"
  }

  # Logs and metrics are collected for both system components and workloads.
  logging_config    = ["SYSTEM_COMPONENTS", "WORKLOADS"]
  monitoring_config = ["SYSTEM_COMPONENTS", "WORKLOADS"]

  # Route exchange on the control-plane peering is configured only when
  # var.peering_config is set; the peering lives in the VPC host project.
  peering_config = var.peering_config == null ? null : {
    export_routes = var.peering_config.export_routes
    import_routes = var.peering_config.import_routes
    project_id    = var.vpc_config.host_project_id
  }

  # Resource usage metering is exported to the dataset created by
  # module.gke-dataset-resource-usage.
  resource_usage_export_config = {
    enabled = true
    dataset = module.gke-dataset-resource-usage.dataset_id
  }

  # TODO: the attributes below are "primed" from project-level defaults
  #       in locals, merge defaults with cluster-level stuff
  # TODO(jccb): change fabric module

  # Database (Secrets) encryption is enabled only when a key is supplied in
  # `overrides`; with a null key the block is passed with enabled = false, so
  # no key from this configuration is applied to the cluster.
  database_encryption = (
    each.value.overrides.database_encryption_key != null
    ? {
      enabled  = true
      state    = "ENCRYPTED"
      key_name = each.value.overrides.database_encryption_key
    }
    : {
      enabled  = false
      state    = null
      key_name = null
    }
  )
  # With the public endpoint left enabled above, this list is what restricts
  # who can reach the control plane.
  # NOTE(review): how the module treats a null or empty value is not visible
  # here; confirm the defaults always supply an explicit, narrow list.
  master_authorized_ranges = each.value.overrides.master_authorized_ranges
  # NOTE(review): PodSecurityPolicy was removed in Kubernetes 1.25. Check that
  # this flag is still meaningful for the versions served by the selected
  # release_channel, and that an admission-level replacement is in place.
  pod_security_policy       = each.value.overrides.pod_security_policy
  release_channel           = each.value.overrides.release_channel
  default_max_pods_per_node = each.value.overrides.max_pods_per_node
  vertical_pod_autoscaling  = each.value.overrides.vertical_pod_autoscaling

  # dynamic "cluster_autoscaling" {
  #   for_each = each.value.cluster_autoscaling == null ? {} : { 1 = 1 }
  #   content {
  #     enabled    = true
  #     cpu_min    = each.value.cluster_autoscaling.cpu_min
  #     cpu_max    = each.value.cluster_autoscaling.cpu_max
  #     memory_min = each.value.cluster_autoscaling.memory_min
  #     memory_max = each.value.cluster_autoscaling.memory_max
  #   }
  # }
}