Skip to content

Latest commit

 

History

History
 
 

gke-cluster

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
variables.tf
variables.tf
 
 
versions.tf
versions.tf
 
 

README.md

GKE cluster module

This module allows simplified creation and management of GKE clusters and should be used together with the GKE nodepool module, as the default nodepool is turned off here and cannot be re-enabled. Some sensible defaults are set initially, in order to allow less verbose usage for most use cases.

Example

GKE Cluster

module "cluster-1" {
  source                    = "./modules/gke-cluster"
  project_id                = "myproject"
  name                      = "cluster-1"
  location                  = "europe-west1-b"
  network                   = var.vpc.self_link
  subnetwork                = var.subnet.self_link
  secondary_range_pods      = "pods"
  secondary_range_services  = "services"
  default_max_pods_per_node = 32
  master_authorized_ranges = {
    internal-vms = "10.0.0.0/8"
  }
  private_cluster_config = {
    enable_private_nodes    = true
    enable_private_endpoint = true
    master_ipv4_cidr_block  = "192.168.0.0/28"
    master_global_access    = false
  }
  labels = {
    environment = "dev"
  }
}
# tftest:modules=1:resources=1

GKE Cluster with Dataplane V2 enabled

module "cluster-1" {
  source                    = "./modules/gke-cluster"
  project_id                = "myproject"
  name                      = "cluster-1"
  location                  = "europe-west1-b"
  network                   = var.vpc.self_link
  subnetwork                = var.subnet.self_link
  secondary_range_pods      = "pods"
  secondary_range_services  = "services"
  default_max_pods_per_node = 32
  enable_dataplane_v2       = true
  master_authorized_ranges = {
    internal-vms = "10.0.0.0/8"
  }
  private_cluster_config = {
    enable_private_nodes    = true
    enable_private_endpoint = true
    master_ipv4_cidr_block  = "192.168.0.0/28"
    master_global_access    = false
  }
  labels = {
    environment = "dev"
  }
}
# tftest:modules=1:resources=1

Variables

name description type required default
location Cluster zone or region. string
name Cluster name. string
network Name or self link of the VPC used for the cluster. Use the self link for Shared VPC. string
project_id Cluster project id. string
secondary_range_pods Subnet secondary range name used for pods. string
secondary_range_services Subnet secondary range name used for services. string
subnetwork VPC subnetwork name or self link. string
addons Addons enabled in the cluster (true means enabled). object({...}) ...
authenticator_security_group RBAC security group for Google Groups for GKE, format is [email protected]. string null
cluster_autoscaling Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. object({...}) ...
database_encryption Enable and configure GKE application-layer secrets encryption. object({...}) ...
default_max_pods_per_node Maximum number of pods per node in this cluster. number 110
description Cluster description. string null
enable_autopilot Create cluster in autopilot mode. With autopilot there's no need to create node-pools and some features are not supported (e.g. setting default_max_pods_per_node) bool false
enable_binary_authorization Enable Google Binary Authorization. bool null
enable_dataplane_v2 Enable Dataplane V2 on the cluster, will disable network_policy addons config bool false
enable_intranode_visibility Enable intra-node visibility to make same node pod to pod traffic visible. bool null
enable_shielded_nodes Enable Shielded Nodes features on all nodes in this cluster. bool null
enable_tpu Enable Cloud TPU resources in this cluster. bool null
labels Cluster resource labels. map(string) null
logging_service Logging service (disable with an empty string). string logging.googleapis.com/kubernetes
maintenance_start_time Maintenance start time in RFC3339 format 'HH:MM', where HH is [00-23] and MM is [00-59] GMT. string 03:00
master_authorized_ranges External Ip address ranges that can access the Kubernetes cluster master through HTTPS. map(string) {}
min_master_version Minimum version of the master, defaults to the version of the most recent official release. string null
monitoring_service Monitoring service (disable with an empty string). string monitoring.googleapis.com/kubernetes
node_locations Zones in which the cluster's nodes are located. list(string) []
peering_config Configure peering with the master VPC for private clusters. object({...}) null
pod_security_policy Enable the PodSecurityPolicy feature. bool null
private_cluster_config Enable and configure private cluster, private nodes must be true if used. object({...}) null
release_channel Release channel for GKE upgrades. string null
resource_usage_export_config Configure the ResourceUsageExportConfig feature. object({...}) ...
vertical_pod_autoscaling Enable the Vertical Pod Autoscaling feature. bool null
workload_identity Enable the Workload Identity feature. bool true

Outputs

name description sensitive
ca_certificate Public certificate of the cluster (base64-encoded).
cluster Cluster resource.
endpoint Cluster endpoint.
location Cluster location.
master_version Master version.
name Cluster name.