Terraform Google Kubernetes Engine Module

This module handles opinionated Google Cloud Platform Kubernetes Engine cluster creation and configuration with Node Pools, IP MASQ, Network Policy, etc.

This module illustrates how to create a simple private cluster.

Usage

A simple example that relies on the module defaults, sets the required inputs and defines one node pool.

module "gke" {
  source     = "./modules/gke"
  project_id = "my-example-123"
  network    = "default"
  subnetwork = "subnet-01"
  node_pools = [
    {
      name               = "core-pool"
      machine_type       = "n1-standard-4"
      node_locations     = "us-central1-b,us-central1-c"
      min_count          = 1
      max_count          = 15
      local_ssd_count    = 0
      auto_repair        = true
      auto_upgrade       = true
      preemptible        = false
      image_type         = "cos_containerd"
      enable_secure_boot = true
      disk_size_gb       = "200"
      disk_type          = "pd-ssd"
      autoscaling        = "false"
      node_count         = 3
    },
  ]
}

Note: if you deploy in multiple zones, the total number of nodes is the number of zones in node_locations multiplied by node_count. The example above would produce 6 nodes (2 zones x 3 nodes) if deployed.

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| authenticator_security_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected] | string | "lsst.cloud" | no |
| cluster_resource_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | map(string) | {"environment": "environment", "owner": "owner_here"} | no |
| create_service_account | Defines if the service account specified to run nodes should be created | bool | true | no |
| default_max_pods_per_node | The maximum number of pods to schedule per node | number | 110 | no |
| enable_intranode_visibility | Whether intra-node visibility is enabled for this cluster. This makes same-node pod-to-pod traffic visible to the VPC network | bool | true | no |
| enable_private_nodes | n/a | bool | true | no |
| enable_resource_consumption_export | Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export | bool | false | no |
| enable_shielded_nodes | Enable Shielded Nodes features on all nodes in this cluster | bool | true | no |
| horizontal_pod_autoscaling | Enable horizontal pod autoscaling addon | bool | true | no |
| http_load_balancing | Enable HTTP load balancer addon | bool | true | no |
| ip_range_pods | The name of the secondary subnet range to use for pods | string | "kubernetes-pods" | no |
| ip_range_services | The name of the secondary subnet range to use for services | string | "kubernetes-services" | no |
| logging_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | string | "logging.googleapis.com/kubernetes" | no |
| maintenance_start_time | Time window start for maintenance operations in RFC3339 format | string | "05:00" | no |
| maintenance_end_time | Time window end for maintenance operations in RFC3339 format | string | "09:00" | no |
| maintenance_recurrence | RFC 5545 RRULE for when maintenance windows occur | string | "FREQ=DAILY" | no |
| master_ipv4_cidr_block | n/a | string | "172.16.0.0/28" | no |
| monitoring_service | The monitoring service that the cluster should write metrics to. Automatically sends metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | string | "monitoring.googleapis.com/kubernetes" | no |
| name | A prefix to the default cluster name | string | "simple" | no |
| network | The VPC network to host the cluster in (required) | string | n/a | yes |
| network_policy | Enable network policy addon | bool | true | no |
| node_pools | List of maps containing node pools | list(map(string)) | [{"auto_repair": true, "auto_upgrade": true, "disk_size_gb": "100", "disk_type": "pd-standard", "enable_secure_boot": true, "image_type": "cos_containerd", "initial_node_count": 5, "local_ssd_count": 0, "machine_type": "g1-small", "max_count": 15, "min_count": 1, "name": "core-pool", "node_locations": "us-central1-b", "preemptible": false}] | no |
| node_pools_labels | Map of maps containing node labels by node-pool name | map(map(string)) | {"all": {"environment": "environment_here", "owner": "owner_here"}} | no |
| project_id | The project ID to host the cluster in (required) | string | n/a | yes |
| region | Region to deploy the cluster in | string | "us-central1" | no |
| regional | Whether the cluster is regional (zonal cluster if set to false. WARNING: changing this after cluster creation is destructive!) | bool | true | no |
| release_channel | The release channel of this cluster. Accepted values are UNSPECIFIED, RAPID, REGULAR and STABLE. Defaults to UNSPECIFIED | string | "STABLE" | no |
| remove_default_node_pool | Remove the default node pool while setting up the cluster | bool | true | no |
| skip_provisioners | Flag to skip local-exec provisioners | bool | true | no |
| subnetwork | The subnetwork to host the cluster in (required) | string | n/a | yes |
| zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | list(string) | ["us-central1-a"] | no |

Outputs

| Name | Description |
|------|-------------|
| ca_certificate | n/a |
| kubernetes_endpoint | n/a |
| location | Cluster location (region if regional cluster, zone if zonal cluster) |
| master_version | Current master Kubernetes version |
| name | Cluster name |
| region | Cluster region |
| service_account | The default service account used for running nodes |
| zones | List of zones in which the cluster resides |

Private Cluster Requirements, restrictions and limitations

Implementing a private cluster has technical requirements, restrictions and limitations. These are outlined in this link.

  • One to be aware of: none of your IP ranges may overlap 172.17.0.0/16, as this is an IP range Google uses.
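An added pre-apply sanity check (example code, not part of this module) for the two planning points above: the node count implied by node_locations and node_count, and the master_ipv4_cidr_block overlapping the Google-reserved 172.17.0.0/16 or the pod/service ranges. The pod and service CIDRs below are constructed values standing in for the secondary ranges named by ip_range_pods and ip_range_services; the /28 requirement for the control-plane range is GKE's own rule for private clusters.

```python
"""Sanity-check a private GKE cluster plan before terraform apply (added example)."""
import ipaddress
from typing import Dict, Iterable, List

# Range Google uses for private clusters; user ranges must not overlap it.
GOOGLE_RESERVED = ipaddress.ip_network("172.17.0.0/16")
# GKE requires the private control-plane (master) range to be exactly a /28.
MASTER_PREFIX_LEN = 28

# Constructed sample: the node pool from the Usage section above.
EXAMPLE_POOLS = [
    {"name": "core-pool", "node_locations": "us-central1-b,us-central1-c", "node_count": 3},
]


def expected_node_count(node_pools: Iterable[dict]) -> int:
    """Nodes the module will create: node_count applies per zone in node_locations.

    Assumes node_locations is set, as in the Usage example; an empty value is
    counted as a single zone here rather than expanding to the region's zones.
    """
    total = 0
    for pool in node_pools:
        zones = [z for z in str(pool.get("node_locations", "")).split(",") if z.strip()]
        per_zone = int(pool.get("node_count", pool.get("initial_node_count", 0)))
        total += max(len(zones), 1) * per_zone
    return total


def check_ranges(master_cidr: str, other_cidrs: Dict[str, str]) -> List[str]:
    """Return a list of problems with the planned CIDRs (empty list means OK)."""
    problems = []
    master = ipaddress.ip_network(master_cidr, strict=True)
    if master.prefixlen != MASTER_PREFIX_LEN:
        problems.append(f"master_ipv4_cidr_block {master_cidr} must be a /{MASTER_PREFIX_LEN}")
    ranges = {"master_ipv4_cidr_block": master}
    ranges.update({n: ipaddress.ip_network(c, strict=True) for n, c in other_cidrs.items()})
    # Every range must stay clear of the Google-reserved block ...
    for name, net in ranges.items():
        if net.overlaps(GOOGLE_RESERVED):
            problems.append(f"{name} {net} overlaps Google-reserved {GOOGLE_RESERVED}")
    # ... and the master, pod and service ranges must not overlap each other.
    names = list(ranges)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ranges[a].overlaps(ranges[b]):
                problems.append(f"{a} {ranges[a]} overlaps {b} {ranges[b]}")
    return problems


if __name__ == "__main__":
    print("nodes:", expected_node_count(EXAMPLE_POOLS))  # 6 for the Usage example
    good = {"ip_range_pods": "10.4.0.0/14", "ip_range_services": "10.8.0.0/20"}
    print("module default master range:", check_ranges("172.16.0.0/28", good) or "OK")
    print("bad plan:", check_ranges("172.17.0.0/28", {"ip_range_pods": "10.4.0.0/14",
                                                       "ip_range_services": "10.4.0.0/20"}))
```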