e372b50d19
* GKE Hub initial PR commit
* variable management adjust
* comments, fixes and alphabetically ordered variables
* Update README.md
* Update README.md
* Update README.md
* fix test
* resources vs modules still needs some love
* remove modules usage
* comments, readme update and output
* adjusting outputs and README
* fix README.md
* fix README
* adjusted based on comments, still need some love in the google_gke_hub_feature_membership variables management
* types and variable management
* optionally enable required api
* Update README.md
* reorder locals and use standard formatting
* Don't enable services from modules
* Use self links for member clusters
* Update readme
* members_clusters back to map. @juliocc let's talk about this because we saw it together in our call, and if I change it to a list then the other resources are not going to work, they need location there too.
* Forcing null feature to false due to a bug in provider. If a block is set to null the provider will crash with a "panic: interface conversion: interface {} is nil, not map[string]interface {}". A PR will follow.
* Readme update
* Readme.md update
* Update README.md
* bring back tolist, WIP
* Update main.tf
* Readme.md update
* Update README.md
* Update main.tf
* Update main.tf
* Add id and self_links output to gke-cluster
* Use try and make all member feature blocks dynamic/optional
* Change member clusters to map
* Add gke-hub tests
* Address PR comments
* Update gke-hub readme

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
Files in this directory: README.md, main.tf, outputs.tf, variables.tf, versions.tf
README.md
# GKE cluster module

This module allows simplified creation and management of GKE clusters. It should be used together with the GKE nodepool module, since the default node pool is removed at cluster creation and cannot be re-enabled. Sensible defaults are set so that most use cases need only a short configuration.
## Example

### GKE Cluster

```hcl
module "cluster-1" {
  source                    = "./modules/gke-cluster"
  project_id                = "myproject"
  name                      = "cluster-1"
  location                  = "europe-west1-b"
  network                   = var.vpc.self_link
  subnetwork                = var.subnet.self_link
  secondary_range_pods      = "pods"
  secondary_range_services  = "services"
  default_max_pods_per_node = 32
  master_authorized_ranges = {
    internal-vms = "10.0.0.0/8"
  }
  private_cluster_config = {
    enable_private_nodes    = true
    enable_private_endpoint = true
    master_ipv4_cidr_block  = "192.168.0.0/28"
    master_global_access    = false
  }
  labels = {
    environment = "dev"
  }
}
# tftest modules=1 resources=1
```
### GKE Cluster with Dataplane V2 enabled

```hcl
module "cluster-1" {
  source                    = "./modules/gke-cluster"
  project_id                = "myproject"
  name                      = "cluster-1"
  location                  = "europe-west1-b"
  network                   = var.vpc.self_link
  subnetwork                = var.subnet.self_link
  secondary_range_pods      = "pods"
  secondary_range_services  = "services"
  default_max_pods_per_node = 32
  enable_dataplane_v2       = true
  master_authorized_ranges = {
    internal-vms = "10.0.0.0/8"
  }
  private_cluster_config = {
    enable_private_nodes    = true
    enable_private_endpoint = true
    master_ipv4_cidr_block  = "192.168.0.0/28"
    master_global_access    = false
  }
  labels = {
    environment = "dev"
  }
}
# tftest modules=1 resources=1
```
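### Hardened private GKE cluster (added example)

The two examples above only set networking and the private control plane. The configuration below is an added example, not part of this README or of the module's test suite, that combines the security-relevant variables documented in the Variables section: a regional private control plane, shielded nodes, Binary Authorization, Workload Identity, Google Groups RBAC, control-plane logging and application-layer secrets encryption. The `database_encryption` object fields (`enabled`, `state`, `key_name`) are assumed from the module's `variables.tf`, which this page shows only as `object({…})`; the KMS key name, project id and security group address are placeholders.

```hcl
module "cluster-prod" {
  source                   = "./modules/gke-cluster"
  project_id               = "myproject"
  name                     = "cluster-prod"
  location                 = "europe-west1" # region, not zone: regional control plane
  network                  = var.vpc.self_link
  subnetwork               = var.subnet.self_link
  secondary_range_pods     = "pods"
  secondary_range_services = "services"
  release_channel          = "REGULAR" # auto-upgrades, keeps the control plane patched

  # Control plane: no public endpoint, reachable only from the listed internal ranges.
  master_authorized_ranges = {
    internal-vms = "10.0.0.0/8"
  }
  private_cluster_config = {
    enable_private_nodes    = true
    enable_private_endpoint = true
    master_ipv4_cidr_block  = "192.168.0.0/28"
    master_global_access    = false
  }

  # Node and workload hardening.
  enable_shielded_nodes       = true # Secure Boot + integrity monitoring on every node
  enable_binary_authorization = true # cluster enforces the project's Binary Authorization policy
  enable_intranode_visibility = true # same-node pod traffic becomes visible to VPC flow logs
  workload_identity           = true # pods use GSA bindings instead of node SA credentials

  # Kubernetes secrets in etcd encrypted with a customer-managed Cloud KMS key
  # (field names assumed from the module's variables.tf; key name is a placeholder).
  database_encryption = {
    enabled  = true
    state    = "ENCRYPTED"
    key_name = "projects/myproject/locations/europe-west1/keyRings/gke/cryptoKeys/etcd"
  }

  # Google Groups for GKE: RBAC subjects can be groups nested under this one (placeholder address).
  authenticator_security_group = "gke-security-groups@example.com"

  # Component names are the GKE API's logging/monitoring enable_components values.
  logging_config    = ["SYSTEM_COMPONENTS", "WORKLOADS"]
  monitoring_config = ["SYSTEM_COMPONENTS"]

  labels = {
    environment = "prod"
  }
}
```

Two caveats a reviewer would raise. With `enable_private_endpoint = true` the control plane has no public address, so Terraform and `kubectl` must run from a network that routes to `master_ipv4_cidr_block`, and only internal (RFC 1918) ranges can be listed in `master_authorized_ranges`; `master_global_access = false` further limits the private endpoint to the cluster's own region. And `enable_binary_authorization` only makes the cluster enforce the project's Binary Authorization policy: the project's default policy allows every image, so a real policy (attestors or an allow-list) still has to be defined outside this module.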
## Variables

name | description | type | required | default
---|---|---|---|---
location | Cluster zone or region. | string | ✓ | 
name | Cluster name. | string | ✓ | 
network | Name or self link of the VPC used for the cluster. Use the self link for Shared VPC. | string | ✓ | 
project_id | Cluster project id. | string | ✓ | 
secondary_range_pods | Subnet secondary range name used for pods. | string | ✓ | 
secondary_range_services | Subnet secondary range name used for services. | string | ✓ | 
subnetwork | VPC subnetwork name or self link. | string | ✓ | 
addons | Addons enabled in the cluster (true means enabled). | object({…}) |  | {…}
authenticator_security_group | RBAC security group for Google Groups for GKE, format is gke-security-groups@yourdomain.com. | string |  | null
cluster_autoscaling | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | object({…}) |  | {…}
database_encryption | Enable and configure GKE application-layer secrets encryption. | object({…}) |  | {…}
default_max_pods_per_node | Maximum number of pods per node in this cluster. | number |  | 110
description | Cluster description. | string |  | null
dns_config | Configuration for using Cloud DNS for GKE. | object({…}) |  | {…}
enable_autopilot | Create cluster in autopilot mode. With autopilot there is no need to create node pools, and some features are not supported (e.g. setting default_max_pods_per_node). | bool |  | false
enable_binary_authorization | Enable Google Binary Authorization. | bool |  | null
enable_dataplane_v2 | Enable Dataplane V2 on the cluster; this disables the network_policy addon config. | bool |  | false
enable_intranode_visibility | Enable intra-node visibility to make same-node pod-to-pod traffic visible. | bool |  | null
enable_l4_ilb_subsetting | Enable L4 ILB subsetting. | bool |  | null
enable_shielded_nodes | Enable Shielded Nodes features on all nodes in this cluster. | bool |  | null
enable_tpu | Enable Cloud TPU resources in this cluster. | bool |  | null
labels | Cluster resource labels. | map(string) |  | null
logging_config | Logging configuration (enabled components). | list(string) |  | null
logging_service | Logging service (disable with an empty string). | string |  | "logging.googleapis.com/kubernetes"
maintenance_config | Maintenance window configuration. | object({…}) |  | {…}
master_authorized_ranges | External IP address ranges that can access the Kubernetes cluster master through HTTPS. | map(string) |  | {}
min_master_version | Minimum version of the master, defaults to the version of the most recent official release. | string |  | null
monitoring_config | Monitoring configuration (enabled components). | list(string) |  | null
monitoring_service | Monitoring service (disable with an empty string). | string |  | "monitoring.googleapis.com/kubernetes"
node_locations | Zones in which the cluster's nodes are located. | list(string) |  | []
notification_config | GKE cluster upgrade notifications via Pub/Sub. | bool |  | false
peering_config | Configure peering with the master VPC for private clusters. | object({…}) |  | null
pod_security_policy | Enable the PodSecurityPolicy feature. | bool |  | null
private_cluster_config | Enable and configure a private cluster; enable_private_nodes must be true if used. | object({…}) |  | null
release_channel | Release channel for GKE upgrades. | string |  | null
resource_usage_export_config | Configure the ResourceUsageExportConfig feature. | object({…}) |  | {…}
vertical_pod_autoscaling | Enable the Vertical Pod Autoscaling feature. | bool |  | null
workload_identity | Enable the Workload Identity feature. | bool |  | true
## Outputs
name | description | sensitive |
---|---|---|
ca_certificate | Public certificate of the cluster (base64-encoded). | ✓ |
cluster | Cluster resource. | ✓ |
endpoint | Cluster endpoint. | |
id | Cluster ID. | ✓ |
location | Cluster location. | |
master_version | Master version. | |
name | Cluster name. | |
notifications | GKE PubSub notifications topic. | |
self_link | Cluster self link. | ✓ |
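The outputs marked sensitive (`ca_certificate`, `cluster`, `id`, `self_link`) are redacted from plan and apply output, which matters because `ca_certificate` and `endpoint` are exactly what a client needs to talk to the API server. As an added example, not part of this README or of the module, the root module below consumes those outputs to configure the Kubernetes provider without writing any static credential to disk or state, and registers the cluster with GKE Hub through its `id` output. It assumes a `module "cluster-1"` like the ones in the Example section, the Google provider's `google_client_config` data source and `google_gke_hub_membership` resource, and the `//container.googleapis.com/` prefix that the membership's `resource_link` expects in front of the `projects/.../locations/.../clusters/...` id.

```hcl
# Short-lived OAuth token for whatever identity runs Terraform; nothing
# long-lived (no client certificate, no basic auth) ends up in state.
data "google_client_config" "current" {}

provider "kubernetes" {
  # With enable_private_endpoint = true the endpoint is an RFC 1918 address in
  # master_ipv4_cidr_block, so this provider only works from inside the VPC.
  host                   = "https://${module.cluster-1.endpoint}"
  cluster_ca_certificate = base64decode(module.cluster-1.ca_certificate)
  token                  = data.google_client_config.current.access_token
}

# Register the cluster as a fleet member. The module's id output has the form
# projects/PROJECT/locations/LOCATION/clusters/NAME, which becomes the GKE Hub
# resource_link once prefixed with the container API host (assumed format).
resource "google_gke_hub_membership" "cluster-1" {
  membership_id = module.cluster-1.name
  endpoint {
    gke_cluster {
      resource_link = "//container.googleapis.com/${module.cluster-1.id}"
    }
  }
}
```

Older Google provider releases exposed `google_gke_hub_membership` only in `google-beta`; add `provider = google-beta` to the resource if your pinned version requires it. Because the `cluster` output is sensitive and contains the whole `google_container_cluster` resource, prefer the individual `endpoint`, `ca_certificate`, `id` and `name` outputs as above rather than passing `cluster` around, so that only the attributes a consumer actually needs cross module boundaries.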