135 lines
4.0 KiB
HCL
135 lines
4.0 KiB
HCL
/**
|
|
* Copyright 2024 Google LLC
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
locals {
|
|
_cluster_sa = (
|
|
local.cluster_create
|
|
? module.cluster-service-account.0.email
|
|
: data.google_container_cluster.cluster.0.node_config.0.service_account
|
|
)
|
|
cluster_sa = (
|
|
local._cluster_sa == "default"
|
|
? module.project.service_accounts.default.compute
|
|
: local._cluster_sa
|
|
)
|
|
cluster_sa_roles = [
|
|
"roles/artifactregistry.reader",
|
|
"roles/logging.logWriter",
|
|
"roles/monitoring.metricWriter",
|
|
"roles/monitoring.viewer",
|
|
"roles/stackdriver.resourceMetadata.writer"
|
|
]
|
|
cluster_vpc = (
|
|
local.use_shared_vpc || !local.vpc_create
|
|
# cluster variable configures networking
|
|
? {
|
|
network = try(
|
|
var.cluster_create.vpc.id, null
|
|
)
|
|
secondary_range_names = try(
|
|
var.cluster_create.vpc.secondary_range_names, null
|
|
)
|
|
subnet = try(
|
|
var.cluster_create.vpc.subnet_id, null
|
|
)
|
|
}
|
|
# VPC creation configures networking
|
|
: {
|
|
network = module.vpc.0.id
|
|
secondary_range_names = { pods = "pods", services = "services" }
|
|
subnet = values(module.vpc.0.subnet_ids)[0]
|
|
}
|
|
)
|
|
}
|
|
|
|
data "google_container_cluster" "cluster" {
|
|
count = !local.cluster_create ? 1 : 0
|
|
project = var.project_id
|
|
location = var.region
|
|
name = var.cluster_name
|
|
}
|
|
|
|
module "cluster-service-account" {
|
|
source = "../../../../modules/iam-service-account"
|
|
count = local.cluster_create ? 1 : 0
|
|
project_id = module.project.project_id
|
|
name = var.prefix
|
|
}
|
|
|
|
module "cluster" {
|
|
source = "../../../../modules/gke-cluster-autopilot"
|
|
count = local.cluster_create ? 1 : 0
|
|
project_id = module.project.project_id
|
|
deletion_protection = var.cluster_create.deletion_protection
|
|
name = var.cluster_name
|
|
location = var.region
|
|
vpc_config = {
|
|
network = local.cluster_vpc.network
|
|
subnetwork = local.cluster_vpc.subnet
|
|
secondary_range_names = local.cluster_vpc.secondary_range_names
|
|
master_authorized_ranges = var.cluster_create.master_authorized_ranges
|
|
master_ipv4_cidr_block = var.cluster_create.master_ipv4_cidr_block
|
|
}
|
|
private_cluster_config = {
|
|
enable_private_endpoint = true
|
|
master_global_access = true
|
|
}
|
|
node_config = {
|
|
service_account = module.cluster-service-account.0.email
|
|
}
|
|
labels = var.cluster_create.labels
|
|
release_channel = var.cluster_create.options.release_channel
|
|
backup_configs = {
|
|
enable_backup_agent = var.cluster_create.options.enable_backup_agent
|
|
}
|
|
enable_features = {
|
|
dns = {
|
|
provider = "CLOUD_DNS"
|
|
scope = "CLUSTER_SCOPE"
|
|
domain = "cluster.local"
|
|
}
|
|
cost_management = true
|
|
gateway_api = true
|
|
}
|
|
monitoring_config = {
|
|
enable_api_server_metrics = true
|
|
enable_controller_manager_metrics = true
|
|
enable_scheduler_metrics = true
|
|
}
|
|
logging_config = {
|
|
enable_api_server_logs = true
|
|
enable_scheduler_logs = true
|
|
enable_controller_manager_logs = true
|
|
}
|
|
maintenance_config = {
|
|
daily_window_start_time = "01:00"
|
|
}
|
|
}
|
|
|
|
check "cluster_networking" {
|
|
assert {
|
|
condition = (
|
|
local.use_shared_vpc
|
|
? (
|
|
try(var.cluster_create.vpc.id, null) != null &&
|
|
try(var.cluster_create.vpc.subnet_id, null) != null
|
|
)
|
|
: true
|
|
)
|
|
error_message = "Cluster network and subnetwork are required in shared VPC mode."
|
|
}
|
|
}
|