zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloud-foundation-fabric/examples/gke-serverless/multitenant-fleet/gke-clusters.tf

117 lines
4.4 KiB
HCL
Raw Blame History

/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
locals {
clusters = {
for name, config in var.clusters :
name => merge(config, {
overrides = coalesce(config.overrides, var.cluster_defaults)
})
}
}
module "gke-cluster" {
source = "../../../modules/gke-cluster"
for_each = local.clusters
name = each.key
project_id = module.gke-project-0.project_id
description = each.value.description
location = each.value.location
network = var.vpc_config.vpc_self_link
subnetwork = each.value.net.subnet
secondary_range_pods = each.value.net.pods
secondary_range_services = each.value.net.services
labels = each.value.labels
addons = {
cloudrun_config = each.value.overrides.cloudrun_config
dns_cache_config = true
http_load_balancing = true
gce_persistent_disk_csi_driver_config = true
horizontal_pod_autoscaling = true
config_connector_config = true
kalm_config = false
gcp_filestore_csi_driver_config = each.value.overrides.gcp_filestore_csi_driver_config
gke_backup_agent_config = false
# enable only if enable_dataplane_v2 is changed to false below
network_policy_config = false
istio_config = {
enabled = false
tls = false
}
}
# change these here for all clusters if absolutely needed
authenticator_security_group = var.authenticator_security_group
enable_dataplane_v2 = true
enable_l4_ilb_subsetting = false
enable_intranode_visibility = true
enable_shielded_nodes = true
workload_identity = true
private_cluster_config = {
enable_private_nodes = true
enable_private_endpoint = false
master_ipv4_cidr_block = each.value.net.master_range
master_global_access = true
}
dns_config = each.value.dns_domain == null ? null : {
cluster_dns = "CLOUD_DNS"
cluster_dns_scope = "VPC_SCOPE"
cluster_dns_domain = "${each.key}.${var.dns_domain}"
}
logging_config = ["SYSTEM_COMPONENTS", "WORKLOADS"]
monitoring_config = ["SYSTEM_COMPONENTS", "WORKLOADS"]
peering_config = var.peering_config == null ? null : {
export_routes = var.peering_config.export_routes
import_routes = var.peering_config.import_routes
project_id = var.vpc_config.host_project_id
}
resource_usage_export_config = {
enabled = true
dataset = module.gke-dataset-resource-usage.dataset_id
}
# TODO: the attributes below are "primed" from project-level defaults
# in locals, merge defaults with cluster-level stuff
# TODO(jccb): change fabric module
database_encryption = (
each.value.overrides.database_encryption_key == null
? {
enabled = false
state = null
key_name = null
}
: {
enabled = true
state = "ENCRYPTED"
key_name = each.value.overrides.database_encryption_key
}
)
default_max_pods_per_node = each.value.overrides.max_pods_per_node
master_authorized_ranges = each.value.overrides.master_authorized_ranges
pod_security_policy = each.value.overrides.pod_security_policy
release_channel = each.value.overrides.release_channel
vertical_pod_autoscaling = each.value.overrides.vertical_pod_autoscaling
# dynamic "cluster_autoscaling" {
# for_each = each.value.cluster_autoscaling == null ? {} : { 1 = 1 }
# content {
# enabled = true
# cpu_min = each.value.cluster_autoscaling.cpu_min
# cpu_max = each.value.cluster_autoscaling.cpu_max
# memory_min = each.value.cluster_autoscaling.memory_min
# memory_max = each.value.cluster_autoscaling.memory_max
# }
# }
}
Reference in New Issue View Git Blame Copy Permalink