113 lines
10 KiB
Markdown
113 lines
10 KiB
Markdown
# GKE cluster module
|
|
|
|
This module allows simplified creation and management of GKE clusters and should be used together with the GKE nodepool module, as the default nodepool is turned off here and cannot be re-enabled. Some sensible defaults are set initially, in order to allow less verbose usage for most use cases.
|
|
|
|
## Example
|
|
|
|
### GKE Cluster
|
|
|
|
```hcl
|
|
module "cluster-1" {
|
|
source = "./fabric/modules/gke-cluster"
|
|
project_id = "myproject"
|
|
name = "cluster-1"
|
|
location = "europe-west1-b"
|
|
vpc_config = {
|
|
network = var.vpc.self_link
|
|
subnetwork = var.subnet.self_link
|
|
secondary_range_names = {
|
|
pods = "pods"
|
|
services = "services"
|
|
}
|
|
master_authorized_ranges = {
|
|
internal-vms = "10.0.0.0/8"
|
|
}
|
|
master_ipv4_cidr_block = "192.168.0.0/28"
|
|
}
|
|
max_pods_per_node = 32
|
|
private_cluster_config = {
|
|
enable_private_endpoint = true
|
|
master_global_access = false
|
|
}
|
|
labels = {
|
|
environment = "dev"
|
|
}
|
|
}
|
|
# tftest modules=1 resources=1
|
|
```
|
|
|
|
### GKE Cluster with Dataplane V2 enabled
|
|
|
|
```hcl
|
|
module "cluster-1" {
|
|
source = "./fabric/modules/gke-cluster"
|
|
project_id = "myproject"
|
|
name = "cluster-1"
|
|
location = "europe-west1-b"
|
|
vpc_config = {
|
|
network = var.vpc.self_link
|
|
subnetwork = var.subnet.self_link
|
|
secondary_range_names = {
|
|
pods = "pods"
|
|
services = "services"
|
|
}
|
|
master_authorized_ranges = {
|
|
internal-vms = "10.0.0.0/8"
|
|
}
|
|
master_ipv4_cidr_block = "192.168.0.0/28"
|
|
}
|
|
private_cluster_config = {
|
|
enable_private_endpoint = true
|
|
master_global_access = false
|
|
}
|
|
enable_features = {
|
|
dataplane_v2 = true
|
|
workload_identity = true
|
|
}
|
|
labels = {
|
|
environment = "dev"
|
|
}
|
|
}
|
|
# tftest modules=1 resources=1
|
|
```
|
|
<!-- BEGIN TFDOC -->
|
|
|
|
## Variables
|
|
|
|
| name | description | type | required | default |
|
|
|---|---|:---:|:---:|:---:|
|
|
| [location](variables.tf#L117) | Cluster zone or region. | <code>string</code> | ✓ | |
|
|
| [name](variables.tf#L174) | Cluster name. | <code>string</code> | ✓ | |
|
|
| [project_id](variables.tf#L200) | Cluster project id. | <code>string</code> | ✓ | |
|
|
| [vpc_config](variables.tf#L211) | VPC-level configuration. | <code title="object({ network = string subnetwork = string master_ipv4_cidr_block = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = string services = string }), { pods = "pods", services = "services" }) master_authorized_ranges = optional(map(string)) })">object({…})</code> | ✓ | |
|
|
| [cluster_autoscaling](variables.tf#L17) | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | <code title="object({ auto_provisioning_defaults = optional(object({ boot_disk_kms_key = optional(string) image_type = optional(string) oauth_scopes = optional(list(string)) service_account = optional(string) })) cpu_limits = optional(object({ min = number max = number })) mem_limits = optional(object({ min = number max = number })) })">object({…})</code> | | <code>null</code> |
|
|
| [description](variables.tf#L38) | Cluster description. | <code>string</code> | | <code>null</code> |
|
|
| [enable_addons](variables.tf#L44) | Addons enabled in the cluster (true means enabled). | <code title="object({ cloudrun = optional(bool, false) config_connector = optional(bool, false) dns_cache = optional(bool, false) gce_persistent_disk_csi_driver = optional(bool, false) gcp_filestore_csi_driver = optional(bool, false) gke_backup_agent = optional(bool, false) horizontal_pod_autoscaling = optional(bool, false) http_load_balancing = optional(bool, false) istio = optional(object({ enable_tls = bool })) kalm = optional(bool, false) network_policy = optional(bool, false) })">object({…})</code> | | <code title="{ horizontal_pod_autoscaling = true http_load_balancing = true }">{…}</code> |
|
|
| [enable_features](variables.tf#L68) | Enable cluster-level features. Certain features allow configuration. | <code title="object({ autopilot = optional(bool, false) binary_authorization = optional(bool, false) cloud_dns = optional(object({ provider = optional(string) scope = optional(string) domain = optional(string) })) database_encryption = optional(object({ state = string key_name = string })) dataplane_v2 = optional(bool, false) groups_for_rbac = optional(string) intranode_visibility = optional(bool, false) l4_ilb_subsetting = optional(bool, false) pod_security_policy = optional(bool, false) resource_usage_export = optional(object({ dataset = string enable_network_egress_metering = optional(bool) enable_resource_consumption_metering = optional(bool) })) shielded_nodes = optional(bool, false) tpu = optional(bool, false) upgrade_notifications = optional(object({ topic_id = optional(string) })) vertical_pod_autoscaling = optional(bool, false) workload_identity = optional(bool, false) })">object({…})</code> | | <code title="{ workload_identity = true }">{…}</code> |
|
|
| [issue_client_certificate](variables.tf#L105) | Enable issuing client certificate. | <code>bool</code> | | <code>false</code> |
|
|
| [labels](variables.tf#L111) | Cluster resource labels. | <code>map(string)</code> | | <code>null</code> |
|
|
| [logging_config](variables.tf#L122) | Logging configuration. | <code>list(string)</code> | | <code>["SYSTEM_COMPONENTS"]</code> |
|
|
| [maintenance_config](variables.tf#L128) | Maintenance window configuration. | <code title="object({ daily_window_start_time = optional(string) recurring_window = optional(object({ start_time = string end_time = string recurrence = string })) maintenance_exclusions = optional(list(object({ name = string start_time = string end_time = string scope = optional(string) }))) })">object({…})</code> | | <code title="{ daily_window_start_time = "03:00" recurring_window = null maintenance_exclusion = [] }">{…}</code> |
|
|
| [max_pods_per_node](variables.tf#L151) | Maximum number of pods per node in this cluster. | <code>number</code> | | <code>110</code> |
|
|
| [min_master_version](variables.tf#L157) | Minimum version of the master, defaults to the version of the most recent official release. | <code>string</code> | | <code>null</code> |
|
|
| [monitoring_config](variables.tf#L163) | Monitoring components. | <code title="object({ enable_components = optional(list(string)) managed_prometheus = optional(bool) })">object({…})</code> | | <code title="{ enable_components = ["SYSTEM_COMPONENTS"] }">{…}</code> |
|
|
| [node_locations](variables.tf#L179) | Zones in which the cluster's nodes are located. | <code>list(string)</code> | | <code>[]</code> |
|
|
| [private_cluster_config](variables.tf#L186) | Private cluster configuration. | <code title="object({ enable_private_endpoint = optional(bool) master_global_access = optional(bool) peering_config = optional(object({ export_routes = optional(bool) import_routes = optional(bool) project_id = optional(string) })) })">object({…})</code> | | <code>null</code> |
|
|
| [release_channel](variables.tf#L205) | Release channel for GKE upgrades. | <code>string</code> | | <code>null</code> |
|
|
|
|
## Outputs
|
|
|
|
| name | description | sensitive |
|
|
|---|---|:---:|
|
|
| [ca_certificate](outputs.tf#L17) | Public certificate of the cluster (base64-encoded). | ✓ |
|
|
| [cluster](outputs.tf#L23) | Cluster resource. | ✓ |
|
|
| [endpoint](outputs.tf#L29) | Cluster endpoint. | |
|
|
| [id](outputs.tf#L34) | Cluster ID. | |
|
|
| [location](outputs.tf#L39) | Cluster location. | |
|
|
| [master_version](outputs.tf#L44) | Master version. | |
|
|
| [name](outputs.tf#L49) | Cluster name. | |
|
|
| [notifications](outputs.tf#L54) | GKE PubSub notifications topic. | |
|
|
| [self_link](outputs.tf#L59) | Cluster self link. | ✓ |
|
|
|
|
<!-- END TFDOC -->
|