171 lines
13 KiB
Markdown
171 lines
13 KiB
Markdown
# GKE cluster Standard module
|
|
|
|
This module allows simplified creation and management of GKE Standard clusters and should be used together with the GKE nodepool module, as the default nodepool is turned off here and cannot be re-enabled. Some sensible defaults are set initially, in order to allow less verbose usage for most use cases.
|
|
|
|
## Example
|
|
|
|
### GKE Cluster
|
|
|
|
```hcl
|
|
module "cluster-1" {
|
|
source = "./fabric/modules/gke-cluster-standard"
|
|
project_id = "myproject"
|
|
name = "cluster-1"
|
|
location = "europe-west1-b"
|
|
vpc_config = {
|
|
network = var.vpc.self_link
|
|
subnetwork = var.subnet.self_link
|
|
secondary_range_names = {
|
|
pods = "pods"
|
|
services = "services"
|
|
}
|
|
master_authorized_ranges = {
|
|
internal-vms = "10.0.0.0/8"
|
|
}
|
|
master_ipv4_cidr_block = "192.168.0.0/28"
|
|
}
|
|
max_pods_per_node = 32
|
|
private_cluster_config = {
|
|
enable_private_endpoint = true
|
|
master_global_access = false
|
|
}
|
|
labels = {
|
|
environment = "dev"
|
|
}
|
|
}
|
|
# tftest modules=1 resources=1 inventory=basic.yaml
|
|
```
|
|
|
|
### GKE Cluster with Dataplane V2 enabled
|
|
|
|
```hcl
|
|
module "cluster-1" {
|
|
source = "./fabric/modules/gke-cluster-standard"
|
|
project_id = "myproject"
|
|
name = "cluster-dataplane-v2"
|
|
location = "europe-west1-b"
|
|
vpc_config = {
|
|
network = var.vpc.self_link
|
|
subnetwork = var.subnet.self_link
|
|
secondary_range_names = {
|
|
pods = "pods"
|
|
services = "services"
|
|
}
|
|
master_authorized_ranges = {
|
|
internal-vms = "10.0.0.0/8"
|
|
}
|
|
master_ipv4_cidr_block = "192.168.0.0/28"
|
|
}
|
|
private_cluster_config = {
|
|
enable_private_endpoint = true
|
|
master_global_access = false
|
|
}
|
|
enable_features = {
|
|
dataplane_v2 = true
|
|
workload_identity = true
|
|
}
|
|
labels = {
|
|
environment = "dev"
|
|
}
|
|
}
|
|
# tftest modules=1 resources=1 inventory=dataplane-v2.yaml
|
|
```
|
|
|
|
### Cloud DNS
|
|
|
|
This example shows how to [use Cloud DNS as a Kubernetes DNS provider](https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-dns) for GKE Standard clusters.
|
|
|
|
```hcl
|
|
module "cluster-1" {
|
|
source = "./fabric/modules/gke-cluster-standard"
|
|
project_id = var.project_id
|
|
name = "cluster-1"
|
|
location = "europe-west1-b"
|
|
vpc_config = {
|
|
network = var.vpc.self_link
|
|
subnetwork = var.subnet.self_link
|
|
secondary_range_names = { pods = "pods", services = "services" }
|
|
}
|
|
enable_features = {
|
|
dns = {
|
|
provider = "CLOUD_DNS"
|
|
scope = "CLUSTER_SCOPE"
|
|
domain = "gke.local"
|
|
}
|
|
}
|
|
}
|
|
# tftest modules=1 resources=1 inventory=dns.yaml
|
|
```
|
|
|
|
|
|
### Backup for GKE
|
|
|
|
This example shows how to [enable the Backup for GKE agent and configure a Backup Plan](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/concepts/backup-for-gke) for GKE Standard clusters.
|
|
|
|
```hcl
|
|
module "cluster-1" {
|
|
source = "./fabric/modules/gke-cluster-standard"
|
|
project_id = var.project_id
|
|
name = "cluster-1"
|
|
location = "europe-west1-b"
|
|
vpc_config = {
|
|
network = var.vpc.self_link
|
|
subnetwork = var.subnet.self_link
|
|
secondary_range_names = { pods = "pods", services = "services" }
|
|
}
|
|
backup_configs = {
|
|
enable_backup_agent = true
|
|
backup_plans = {
|
|
"backup-1" = {
|
|
region = "europe-west-2"
|
|
schedule = "0 9 * * 1"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
# tftest modules=1 resources=2 inventory=backup.yaml
|
|
```
|
|
<!-- BEGIN TFDOC -->
|
|
|
|
## Variables
|
|
|
|
| name | description | type | required | default |
|
|
|---|---|:---:|:---:|:---:|
|
|
| [location](variables.tf#L137) | Cluster zone or region. | <code>string</code> | ✓ | |
|
|
| [name](variables.tf#L194) | Cluster name. | <code>string</code> | ✓ | |
|
|
| [project_id](variables.tf#L220) | Cluster project id. | <code>string</code> | ✓ | |
|
|
| [vpc_config](variables.tf#L237) | VPC-level configuration. | <code title="object({ network = string subnetwork = string master_ipv4_cidr_block = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = string services = string }), { pods = "pods", services = "services" }) master_authorized_ranges = optional(map(string)) stack_type = optional(string) })">object({…})</code> | ✓ | |
|
|
| [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | <code title="object({ enable_backup_agent = optional(bool, false) backup_plans = optional(map(object({ encryption_key = optional(string) include_secrets = optional(bool, true) include_volume_data = optional(bool, true) namespaces = optional(list(string)) region = string schedule = string retention_policy_days = optional(string) retention_policy_lock = optional(bool, false) retention_policy_delete_lock_days = optional(string) })), {}) })">object({…})</code> | | <code>{}</code> |
|
|
| [cluster_autoscaling](variables.tf#L37) | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | <code title="object({ auto_provisioning_defaults = optional(object({ boot_disk_kms_key = optional(string) image_type = optional(string) oauth_scopes = optional(list(string)) service_account = optional(string) })) cpu_limits = optional(object({ min = number max = number })) mem_limits = optional(object({ min = number max = number })) })">object({…})</code> | | <code>null</code> |
|
|
| [description](variables.tf#L58) | Cluster description. | <code>string</code> | | <code>null</code> |
|
|
| [enable_addons](variables.tf#L64) | Addons enabled in the cluster (true means enabled). | <code title="object({ cloudrun = optional(bool, false) config_connector = optional(bool, false) dns_cache = optional(bool, false) gce_persistent_disk_csi_driver = optional(bool, false) gcp_filestore_csi_driver = optional(bool, false) horizontal_pod_autoscaling = optional(bool, false) http_load_balancing = optional(bool, false) istio = optional(object({ enable_tls = bool })) kalm = optional(bool, false) network_policy = optional(bool, false) })">object({…})</code> | | <code title="{ horizontal_pod_autoscaling = true http_load_balancing = true }">{…}</code> |
|
|
| [enable_features](variables.tf#L87) | Enable cluster-level features. Certain features allow configuration. | <code title="object({ binary_authorization = optional(bool, false) dns = optional(object({ provider = optional(string) scope = optional(string) domain = optional(string) })) database_encryption = optional(object({ state = string key_name = string })) dataplane_v2 = optional(bool, false) gateway_api = optional(bool, false) groups_for_rbac = optional(string) intranode_visibility = optional(bool, false) l4_ilb_subsetting = optional(bool, false) mesh_certificates = optional(bool) pod_security_policy = optional(bool, false) resource_usage_export = optional(object({ dataset = string enable_network_egress_metering = optional(bool) enable_resource_consumption_metering = optional(bool) })) shielded_nodes = optional(bool, false) tpu = optional(bool, false) upgrade_notifications = optional(object({ topic_id = optional(string) })) vertical_pod_autoscaling = optional(bool, false) workload_identity = optional(bool, true) })">object({…})</code> | | <code title="{ workload_identity = true }">{…}</code> |
|
|
| [issue_client_certificate](variables.tf#L125) | Enable issuing client certificate. | <code>bool</code> | | <code>false</code> |
|
|
| [labels](variables.tf#L131) | Cluster resource labels. | <code>map(string)</code> | | <code>null</code> |
|
|
| [logging_config](variables.tf#L142) | Logging configuration. | <code>list(string)</code> | | <code>["SYSTEM_COMPONENTS"]</code> |
|
|
| [maintenance_config](variables.tf#L148) | Maintenance window configuration. | <code title="object({ daily_window_start_time = optional(string) recurring_window = optional(object({ start_time = string end_time = string recurrence = string })) maintenance_exclusions = optional(list(object({ name = string start_time = string end_time = string scope = optional(string) }))) })">object({…})</code> | | <code title="{ daily_window_start_time = "03:00" recurring_window = null maintenance_exclusion = [] }">{…}</code> |
|
|
| [max_pods_per_node](variables.tf#L171) | Maximum number of pods per node in this cluster. | <code>number</code> | | <code>110</code> |
|
|
| [min_master_version](variables.tf#L177) | Minimum version of the master, defaults to the version of the most recent official release. | <code>string</code> | | <code>null</code> |
|
|
| [monitoring_config](variables.tf#L183) | Monitoring components. | <code title="object({ enable_components = optional(list(string)) managed_prometheus = optional(bool) })">object({…})</code> | | <code title="{ enable_components = ["SYSTEM_COMPONENTS"] }">{…}</code> |
|
|
| [node_locations](variables.tf#L199) | Zones in which the cluster's nodes are located. | <code>list(string)</code> | | <code>[]</code> |
|
|
| [private_cluster_config](variables.tf#L206) | Private cluster configuration. | <code title="object({ enable_private_endpoint = optional(bool) master_global_access = optional(bool) peering_config = optional(object({ export_routes = optional(bool) import_routes = optional(bool) project_id = optional(string) })) })">object({…})</code> | | <code>null</code> |
|
|
| [release_channel](variables.tf#L225) | Release channel for GKE upgrades. | <code>string</code> | | <code>null</code> |
|
|
| [tags](variables.tf#L231) | Network tags applied to nodes. | <code>list(string)</code> | | <code>null</code> |
|
|
|
|
## Outputs
|
|
|
|
| name | description | sensitive |
|
|
|---|---|:---:|
|
|
| [ca_certificate](outputs.tf#L17) | Public certificate of the cluster (base64-encoded). | ✓ |
|
|
| [cluster](outputs.tf#L23) | Cluster resource. | ✓ |
|
|
| [endpoint](outputs.tf#L29) | Cluster endpoint. | |
|
|
| [id](outputs.tf#L34) | FUlly qualified cluster id. | |
|
|
| [location](outputs.tf#L39) | Cluster location. | |
|
|
| [master_version](outputs.tf#L44) | Master version. | |
|
|
| [name](outputs.tf#L49) | Cluster name. | |
|
|
| [notifications](outputs.tf#L54) | GKE PubSub notifications topic. | |
|
|
| [self_link](outputs.tf#L59) | Cluster self link. | ✓ |
|
|
| [workload_identity_pool](outputs.tf#L65) | Workload identity pool. | |
|
|
|
|
<!-- END TFDOC -->
|