cloud-foundation-fabric/modules/gke-hub
Ludovico Magnocavallo ee7a615a58 Merge remote-tracking branch 'origin/master' into fast/gke2 2022-06-29 17:06:55 +02:00
README.md Enable WIF issuer in gke-hub 2022-06-08 11:42:04 +02:00
main.tf Squashing relevant changes from fast-dev-gke-marzi 2022-06-08 11:42:04 +02:00
outputs.tf Add GKE Hub module to fabric (#540) 2022-02-28 12:40:48 +01:00
variables.tf Enable WIF issuer in gke-hub 2022-06-08 11:42:04 +02:00
versions.tf Bump providers versions and pin versions for tests 2022-06-28 10:20:40 +02:00

README.md

GKE hub module

This module simplifies the creation and management of a GKE Hub object and its features for a given set of clusters. Every cluster in the given list is registered as a member of the Hub, and all configured features are activated on it.

To use this module you must ensure the following APIs are enabled in the target project:

"gkehub.googleapis.com"
"gkeconnect.googleapis.com"
"anthosconfigmanagement.googleapis.com"
"multiclusteringress.googleapis.com"
"multiclusterservicediscovery.googleapis.com"

Full GKE Hub example

```hcl
module "project" {
  source          = "./modules/project"
  billing_account = var.billing_account_id
  name            = "gkehub-test"
  parent          = "folders/12345"
  services = [
    "container.googleapis.com",
    "gkehub.googleapis.com",
    "gkeconnect.googleapis.com",
    "anthosconfigmanagement.googleapis.com",
    "multiclusteringress.googleapis.com",
    "multiclusterservicediscovery.googleapis.com",
  ]
}

module "vpc" {
  source     = "./modules/net-vpc"
  project_id = module.project.project_id
  name       = "network"
  subnets = [{
    ip_cidr_range = "10.0.0.0/24"
    name          = "cluster-1"
    region        = "europe-west1"
    secondary_ip_range = {
      pods     = "10.1.0.0/16"
      services = "10.2.0.0/24"
    }
  }]
}

module "cluster-1" {
  source                   = "./modules/gke-cluster"
  project_id               = module.project.project_id
  name                     = "cluster-1"
  location                 = "europe-west1-b"
  network                  = module.vpc.self_link
  subnetwork               = module.vpc.subnet_self_links["europe-west1/cluster-1"]
  secondary_range_pods     = "pods"
  secondary_range_services = "services"
  enable_dataplane_v2      = true
  master_authorized_ranges = { rfc1918_10_8 = "10.0.0.0/8" }
  private_cluster_config = {
    enable_private_nodes    = true
    enable_private_endpoint = true
    master_ipv4_cidr_block  = "192.168.0.0/28"
    master_global_access    = false
  }
}

module "hub" {
  source     = "./modules/gke-hub"
  project_id = module.project.project_id
  member_clusters = {
    cluster1 = module.cluster-1.id
  }
  member_features = {
    configmanagement = {
      binauthz = true
      config_sync = {
        gcp_service_account_email = null
        https_proxy               = null
        policy_dir                = "configsync"
        secret_type               = "none"
        source_format             = "hierarchy"
        sync_branch               = "main"
        sync_repo                 = "https://github.com/danielmarzini/configsync-platform-example"
        sync_rev                  = null
      }
      hierarchy_controller = null
      policy_controller    = null
      version              = "1.10.2"
    }
  }
}

# tftest modules=4 resources=13
```
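The module wraps the Hub membership and feature-membership resources of the Google provider. The following is an added example, not code from this module or from the Fabric repository, that shows the same registration written directly against those provider resources, with Policy Controller turned on so that Config Sync deliveries are gated by admission control and denies are logged for detection. The `google_container_cluster.primary` reference, the `cluster1` membership ID, the `google-beta` provider alias and the `sync_repo` URL are assumptions; the `issuer` URL is the pattern used by Workload Identity Federation for GKE memberships, which the module's "Enable WIF issuer" change refers to.

```hcl
# Added example: provider-level resources behind a Hub member with the
# configmanagement feature. Assumes an existing cluster resource named
# google_container_cluster.primary and a google-beta provider alias.

# Register the cluster as a Hub member; the authority block binds the
# membership to the cluster's OIDC issuer for Workload Identity Federation.
resource "google_gke_hub_membership" "cluster1" {
  provider      = google-beta
  membership_id = "cluster1" # assumed membership ID
  endpoint {
    gke_cluster {
      resource_link = "//container.googleapis.com/${google_container_cluster.primary.id}"
    }
  }
  authority {
    issuer = "https://container.googleapis.com/v1/${google_container_cluster.primary.id}"
  }
}

# The configmanagement feature is enabled once per project/Hub.
resource "google_gke_hub_feature" "configmanagement" {
  provider = google-beta
  name     = "configmanagement"
  location = "global"
}

# Per-member feature configuration: Config Sync from a Git repo plus
# Policy Controller and Binary Authorization enforcement.
resource "google_gke_hub_feature_membership" "cluster1" {
  provider   = google-beta
  location   = "global"
  feature    = google_gke_hub_feature.configmanagement.name
  membership = google_gke_hub_membership.cluster1.membership_id

  configmanagement {
    version = "1.10.2"

    config_sync {
      source_format = "hierarchy"
      git {
        sync_repo   = "https://github.com/example-org/configsync-repo" # assumed repo URL
        sync_branch = "main"
        policy_dir  = "configsync"
        secret_type = "none" # public repo; use "gcpserviceaccount" with a WI-bound SA for private repos
      }
    }

    # Admission control over everything Config Sync applies: install the
    # constraint template library, allow referential constraints and log
    # every denied request so rejections show up in cluster audit logs.
    policy_controller {
      enabled                    = true
      template_library_installed = true
      referential_rules_enabled  = true
      log_denies_enabled         = true
      exemptable_namespaces      = ["kube-system"]
    }

    binauthz {
      enabled = true
    }
  }
}
```

Compared with the module example above, where `policy_controller = null` leaves admission control off, this variant enforces constraints at admission time; `log_denies_enabled` is the setting that makes denied admissions visible to log-based detection.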

Variables

| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| project_id | GKE hub project ID. | string | ✓ |  |
| features | GKE hub features to enable. | object({…}) |  | {…} |
| member_clusters | Map of member cluster IDs. | map(string) |  | {} |
| member_features | Member features for each cluster. | object({…}) |  | {…} |

Outputs

| name | description | sensitive |
|---|---|:---:|
| cluster_ids |  |  |