cloud-foundation-fabric/modules/gke-cluster
Daniel Marzini e372b50d19
Add GKE Hub module to fabric (#540)
* GKE Hub initial PR commit

* variable management adjust

* comments, fixes and alphabetically ordered variables

* Update README.md

* Update README.md

* Update README.md

* fix test

* resources vs modules

still needs some love

* remove modules usage

* comments, readme update and output

* adjusting outputs and README

* fix README.md

* fix README

* adjusted based on comments

still needs some love in the google_gke_hub_feature_membership variables management

* types and variable management

* optionally enable required api

* Update README.md

* reorder locals and use standard formatting

* Don't enable services from modules

* Use self links for member clusters

* Update readme

* members_clusters back to map

@juliocc let's talk about this because we saw it together in our call, and if I change it to a list then the other resources are not going to work, they need location there too.

* Forcing null feature to false due to a bug in provider

If a block is set to null the provider will crash with "panic: interface conversion: interface {} is nil, not map[string]interface {}". A PR will follow.

* Readme update

* Readme.md update

* Update README.md

* bring back tolist, WIP

* Update main.tf

* Readme.md update

* Update README.md

* Update main.tf

* Update main.tf

* Add id and self_links output to gke-cluster

* Use try and make all member feature blocks dynamic/optional

* Change member clusters to map

* Add gke-hub tests

* Address PR comments

* Update gke-hub readme

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2022-02-28 12:40:48 +01:00
README.md Add GKE Hub module to fabric (#540) 2022-02-28 12:40:48 +01:00
main.tf feat: added missing addons gke (#481) 2022-02-01 07:23:00 +01:00
outputs.tf Add GKE Hub module to fabric (#540) 2022-02-28 12:40:48 +01:00
variables.tf feat: added missing addons gke (#481) 2022-02-01 07:23:00 +01:00
versions.tf Copyright bump (#410) 2022-01-01 15:52:31 +01:00

README.md

# GKE cluster module

This module allows simplified creation and management of GKE clusters. It should be used together with the GKE nodepool module, since the default nodepool is turned off here and cannot be re-enabled. Sensible defaults are set so that most use cases need only a small amount of configuration.

## Example

### GKE Cluster

```hcl
module "cluster-1" {
  source                    = "./modules/gke-cluster"
  project_id                = "myproject"
  name                      = "cluster-1"
  location                  = "europe-west1-b"
  network                   = var.vpc.self_link
  subnetwork                = var.subnet.self_link
  secondary_range_pods      = "pods"
  secondary_range_services  = "services"
  default_max_pods_per_node = 32
  master_authorized_ranges = {
    internal-vms = "10.0.0.0/8"
  }
  private_cluster_config = {
    enable_private_nodes    = true
    enable_private_endpoint = true
    master_ipv4_cidr_block  = "192.168.0.0/28"
    master_global_access    = false
  }
  labels = {
    environment = "dev"
  }
}
# tftest modules=1 resources=1
```

### GKE Cluster with Dataplane V2 enabled

```hcl
module "cluster-1" {
  source                    = "./modules/gke-cluster"
  project_id                = "myproject"
  name                      = "cluster-1"
  location                  = "europe-west1-b"
  network                   = var.vpc.self_link
  subnetwork                = var.subnet.self_link
  secondary_range_pods      = "pods"
  secondary_range_services  = "services"
  default_max_pods_per_node = 32
  enable_dataplane_v2       = true
  master_authorized_ranges = {
    internal-vms = "10.0.0.0/8"
  }
  private_cluster_config = {
    enable_private_nodes    = true
    enable_private_endpoint = true
    master_ipv4_cidr_block  = "192.168.0.0/28"
    master_global_access    = false
  }
  labels = {
    environment = "dev"
  }
}
# tftest modules=1 resources=1
```
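### Hardened private cluster (added example)

The following is an added example, not code from the module's README, showing how the security-relevant toggles this module exposes fit together in one cluster: a private control plane reachable only from the listed ranges, Shielded Nodes, Binary Authorization, intra-node visibility, Workload Identity, Dataplane V2 and a release channel. It uses only variables documented in the Variables table of this module; `var.vpc`, `var.subnet` and the `gke-security-groups@example.com` group are placeholders like those in the examples above, and `"REGULAR"` is assumed to be passed through unchanged as the GKE release channel name.

```hcl
# Added example (not from the module README): a hardened private cluster built
# only from variables this module documents. var.vpc / var.subnet and the Google
# Group address are placeholders, as in the README examples.
module "cluster-hardened" {
  source                   = "./modules/gke-cluster"
  project_id               = "myproject"
  name                     = "cluster-hardened"
  location                 = "europe-west1" # regional control plane
  node_locations           = ["europe-west1-b", "europe-west1-c"]
  network                  = var.vpc.self_link
  subnetwork               = var.subnet.self_link
  secondary_range_pods     = "pods"
  secondary_range_services = "services"
  description              = "Private, shielded cluster with Binary Authorization"

  # Control plane: private endpoint only, reachable from the listed CIDRs.
  master_authorized_ranges = {
    internal-vms = "10.0.0.0/8"
  }
  private_cluster_config = {
    enable_private_nodes    = true
    enable_private_endpoint = true
    master_ipv4_cidr_block  = "192.168.0.0/28"
    master_global_access    = false
  }

  # Node and workload hardening toggles.
  enable_shielded_nodes       = true # secure boot and integrity monitoring on nodes
  enable_binary_authorization = true # admit only images that satisfy the attestation policy
  enable_intranode_visibility = true # same-node pod-to-pod traffic is visible to the VPC
  workload_identity           = true # pods use GCP identities without node SA keys
  enable_dataplane_v2         = true # eBPF dataplane; network policy enforcement built in

  # Keep the control plane on a supported, auto-upgraded track
  # (assumed to map directly to the GKE release channel name).
  release_channel = "REGULAR"

  # RBAC bindings to Google Groups (placeholder domain).
  authenticator_security_group = "gke-security-groups@example.com"

  labels = {
    environment = "prod"
  }
}
```

Because the default nodepool is disabled by this module, node-level settings such as service accounts and OAuth scopes still have to be set in the GKE nodepool module used alongside it; the toggles above only cover what the cluster resource itself controls.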

## Variables

| name | description | type | required | default |
|---|---|---|---|---|
| location | Cluster zone or region. | string | ✓ | |
| name | Cluster name. | string | ✓ | |
| network | Name or self link of the VPC used for the cluster. Use the self link for Shared VPC. | string | ✓ | |
| project_id | Cluster project id. | string | ✓ | |
| secondary_range_pods | Subnet secondary range name used for pods. | string | ✓ | |
| secondary_range_services | Subnet secondary range name used for services. | string | ✓ | |
| subnetwork | VPC subnetwork name or self link. | string | ✓ | |
| addons | Addons enabled in the cluster (true means enabled). | object({…}) | | {…} |
| authenticator_security_group | RBAC security group for Google Groups for GKE, format is gke-security-groups@yourdomain.com. | string | | null |
| cluster_autoscaling | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | object({…}) | | {…} |
| database_encryption | Enable and configure GKE application-layer secrets encryption. | object({…}) | | {…} |
| default_max_pods_per_node | Maximum number of pods per node in this cluster. | number | | 110 |
| description | Cluster description. | string | | null |
| dns_config | Configuration for using Cloud DNS for GKE. | object({…}) | | {…} |
| enable_autopilot | Create cluster in autopilot mode. With autopilot there's no need to create node-pools and some features are not supported (e.g. setting default_max_pods_per_node). | bool | | false |
| enable_binary_authorization | Enable Google Binary Authorization. | bool | | null |
| enable_dataplane_v2 | Enable Dataplane V2 on the cluster; this disables the network_policy addons config. | bool | | false |
| enable_intranode_visibility | Enable intra-node visibility to make same-node pod-to-pod traffic visible. | bool | | null |
| enable_l4_ilb_subsetting | Enable L4 ILB Subsetting. | bool | | null |
| enable_shielded_nodes | Enable Shielded Nodes features on all nodes in this cluster. | bool | | null |
| enable_tpu | Enable Cloud TPU resources in this cluster. | bool | | null |
| labels | Cluster resource labels. | map(string) | | null |
| logging_config | Logging configuration (enabled components). | list(string) | | null |
| logging_service | Logging service (disable with an empty string). | string | | "logging.googleapis.com/kubernetes" |
| maintenance_config | Maintenance window configuration. | object({…}) | | {…} |
| master_authorized_ranges | External IP address ranges that can access the Kubernetes cluster master through HTTPS. | map(string) | | {} |
| min_master_version | Minimum version of the master, defaults to the version of the most recent official release. | string | | null |
| monitoring_config | Monitoring configuration (enabled components). | list(string) | | null |
| monitoring_service | Monitoring service (disable with an empty string). | string | | "monitoring.googleapis.com/kubernetes" |
| node_locations | Zones in which the cluster's nodes are located. | list(string) | | [] |
| notification_config | GKE Cluster upgrade notifications via PubSub. | bool | | false |
| peering_config | Configure peering with the master VPC for private clusters. | object({…}) | | null |
| pod_security_policy | Enable the PodSecurityPolicy feature. | bool | | null |
| private_cluster_config | Enable and configure private cluster; private nodes must be true if used. | object({…}) | | null |
| release_channel | Release channel for GKE upgrades. | string | | null |
| resource_usage_export_config | Configure the ResourceUsageExportConfig feature. | object({…}) | | {…} |
| vertical_pod_autoscaling | Enable the Vertical Pod Autoscaling feature. | bool | | null |
| workload_identity | Enable the Workload Identity feature. | bool | | true |

## Outputs

| name | description | sensitive |
|---|---|---|
| ca_certificate | Public certificate of the cluster (base64-encoded). | |
| cluster | Cluster resource. | |
| endpoint | Cluster endpoint. | |
| id | Cluster ID. | |
| location | Cluster location. | |
| master_version | Master version. | |
| name | Cluster name. | |
| notifications | GKE PubSub notifications topic. | |
| self_link | Cluster self link. | |