├── .gitignore ├── CHANGELOG.md ├── LICENSE ├── README.md ├── main.tf ├── outputs.tf └── variables.tf /.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled files 2 | *.tfstate 3 | *.tfstate.backup 4 | 5 | # Module directory 6 | .terraform/ 7 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## [v1.19.1](https://github.com/google-terraform-modules/terraform-google-kubernetes-engine/compare/1.17...1.19.1) (Octobrer 29, 2018) 2 | * Delete beta parameters : 3 | * `workload_metadata_config`, 4 | * `private_cluster`, 5 | * `master_ipv4_cidr_block`, 6 | * `pod_security_policy_config`, 7 | * Delete authentification block (password & certificate auto-disabled in Kubernetes 1.12). 8 | 9 | ### Transfert beta repository 10 | * Fix recreate Cluster (workload_metadata_config state) (#20), 11 | * Beta parameters. 12 | 13 | 14 | ## [v1.17](https://github.com/google-terraform-modules/terraform-google-kubernetes-engine/compare/1.15...1.17) (September 13, 2018) 15 | * Add new parameter **disk_type** - [d8069fb](https://github.com/google-terraform-modules/terraform-google-kubernetes-engine/commit/d8069fb16a3911d43401f75d545f61afeec9e98a) 16 | * Add new parameter **preemptible** - [d8069fb](https://github.com/google-terraform-modules/terraform-google-kubernetes-engine/commit/d8069fb16a3911d43401f75d545f61afeec9e98a) 17 | 18 | 19 | ## [v1.15](https://github.com/google-terraform-modules/terraform-google-kubernetes-engine/compare/1.13...1.15) (June 30, 2018) 20 | 21 | * Add new parameter **enable_client_certificate** - [1c892dd](https://github.com/google-terraform-modules/terraform-google-kubernetes-engine/commit/1c892dde50c66e83d1defa58cd449966e2dcec45) 22 | 23 | 24 | ## [v1.13](https://github.com/google-terraform-modules/terraform-google-kubernetes-engine/compare/1.12...1.13) (June 4, 2018) 25 | 26 | * 
Add new outputs **username** & **password** - [2ee232e (line)](https://github.com/perriea/terraform-google-kubernetes-engine/commit/2ee232e3c2ef3161298cb2c6bbe8f14e8c9cc68a#diff-c09d00f135e3672d079ff6e0556d957dR21) 27 | * Add new value **metadata** (map `default_node_pool`) - [b7128fb (line)](https://github.com/perriea/terraform-google-kubernetes-engine/commit/b7128fb16801085dabcabda8eb82c4f081099ad8#diff-7a370d8342e7203b805911c92454f0f4R122) 28 | * Add new block **workload_metadata_config** (map `default_node_pool`) - [b7128fb (line)](https://github.com/perriea/terraform-google-kubernetes-engine/commit/b7128fb16801085dabcabda8eb82c4f081099ad8#diff-7a370d8342e7203b805911c92454f0f4R124) 29 | * Change default values for [7f7b6b1](https://github.com/perriea/terraform-google-kubernetes-engine/commit/7f7b6b1917d35168f95485ba5bc900ece83dec70) : 30 | * **node_count** (map `default_node_pool`): `2` (before `1`), 31 | * **remove** (map `default_node_pool`): `false` (before `true`). 32 | 33 | 34 | ## [v1.12](https://github.com/google-terraform-modules/terraform-google-kubernetes-engine/compare/1.11...1.12) (May 8, 2018) 35 | 36 | * Fix attribution of variables - [a801232 (line)](https://github.com/perriea/terraform-google-kubernetes-engine/commit/a801232e702ac3e4b46a4ada4f815b8717e58e4c#diff-c9ac8098c5ea9d3e6a9a596ff0c512a4R44) 37 | * Add new variables `labels` map and `tags` list - [a801232 (line)](https://github.com/perriea/terraform-google-kubernetes-engine/commit/a801232e702ac3e4b46a4ada4f815b8717e58e4c#diff-c9ac8098c5ea9d3e6a9a596ff0c512a4R81) 38 | * Add new key `service_account` in `default_node_pool` - [a801232 (line)](https://github.com/perriea/terraform-google-kubernetes-engine/commit/a801232e702ac3e4b46a4ada4f815b8717e58e4c#diff-7a370d8342e7203b805911c92454f0f4R123) 39 | 40 | 41 | ## [v1.11](https://github.com/google-terraform-modules/terraform-google-kubernetes-engine/compare/1.8...1.11) (May 5, 2018) 42 | 43 | * Change model for key value - 
[45401b5](https://github.com/google-terraform-modules/terraform-google-kubernetes-engine/commit/45401b56f1036893f9d8be96cb754f2aeb18aa0c) 44 | * Full additional pool management - [77ae3cd](https://github.com/google-terraform-modules/terraform-google-kubernetes-engine/commit/77ae3cd15909e034cd72cebb165ce7f997331645) 45 | * Add new inputs of provider (private cluster, remove default pool, node taint ...). See the official [changelog](https://github.com/terraform-providers/terraform-provider-google/blob/master/CHANGELOG.md#1110-may-01-2018) of Google provider. -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017-2018 Google-terraform-modules 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Google Kubernetes Engine (GKE) cluster 2 | 3 | Compatible provider `2.5.0` (**stable**) 4 | 5 | ## Examples 6 | 7 | * 1 cluster, 1 default node pool (2 nodes (10GB/node) n1-standard-1), latest version of Kubernetes for each node, 8 | * Default Google network (`default`). 9 | 10 | ```hcl 11 | module "gke-cluster" { 12 | source = "google-terraform-modules/kubernetes-engine/google" 13 | version = "2.5.0" 14 | 15 | general = { 16 | name = "mycluster" 17 | env = "prod" 18 | location = "europe-west1-b" 19 | } 20 | 21 | master = {} 22 | } 23 | ``` 24 | 25 | * 1 cluster, 1 default node pool (3 nodes & n1-standard-1), 2 extra node pool & latest version of Kubernetes for each node, 26 | * Custom Google network. 27 | 28 | ```hcl 29 | module "gke-cluster" { 30 | source = "google-terraform-modules/kubernetes-engine/google" 31 | version = "2.5.0" 32 | 33 | general = { 34 | name = "mycluster" 35 | env = "prod" 36 | location = "europe-west1-b" 37 | } 38 | 39 | master = { 40 | network = "${google_compute_network.vpc.self_link}" 41 | subnetwork = "${google_compute_subnetwork.subnetwork-tools.self_link}" 42 | } 43 | 44 | default_node_pool = { 45 | node_count = 3 46 | remove = false 47 | } 48 | 49 | # Optional in case we have a default pool 50 | node_pool = [ 51 | { 52 | machine_type = "g1-small" 53 | disk_size_gb = 20 54 | node_count = 3 55 | min_node_count = 2 56 | max_node_count = 4 57 | }, 58 | { 59 | disk_size_gb = 30 60 | node_count = 2 61 | min_node_count = 1 62 | max_node_count = 3 63 | }, 64 | ] 65 | } 66 | ``` 67 | 68 | 69 | ## Inputs 70 | 71 | | Name | Description | Type | Default | Required | 72 | |------|-------------|:----:|:-----:|:-----:| 73 | | default_node_pool | Default pool setting | map | `` | no | 74 | | general | Global parameters | map | - | yes | 75 | | ip_allocation_policy | 
Configuration for cluster IP allocation. As of now, only pre-allocated subnetworks (custom type with secondary ranges) are supported | list | `` | no | 76 | | labels | The Kubernetes labels (key/value pairs) to be applied to each node | map | `` | no | 77 | | master | Kubernetes master parameters to initialize | map | - | yes | 78 | | node_additional_zones | The list of additional Google Compute Engine locations in which the cluster's nodes should be located. If additional zones are configured, the number of nodes specified in initial_node_count is created in all specified zones | list | `` | no | 79 | | node_pool | Node pool setting to create | list | `` | no | 80 | | tags | The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls | list | `` | no | 81 | 82 | 83 | ## Outputs 84 | 85 | | Name | Description | 86 | |------|-------------| 87 | | client_certificate | Base64 encoded public certificate used by clients to authenticate to the cluster endpoint | 88 | | client_key | Base64 encoded private key used by clients to authenticate to the cluster endpoint | 89 | | cluster_ca_certificate | Base64 encoded public certificate that is the root of trust for the cluster | 90 | | cluster_name | The full name of this Kubernetes cluster | 91 | | endpoint | The IP address of this cluster's Kubernetes master | 92 | | gcr_url | This data source fetches the project name, and provides the appropriate URLs to use for container registry for this project | 93 | | instance_group_urls | List of instance group URLs which have been assigned to the cluster | 94 | | maintenance_window | Duration of the time window, automatically chosen to be smallest possible in the given scenario. Duration will be in RFC3339 format PTnHnMnS | 95 | | master_version | The current version of the master in the cluster. 
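|

--------------------------------------------------------------------------------
/main.tf:
--------------------------------------------------------------------------------
locals {
  # Common name prefix "<name>-<env>" shared by the cluster and its node pools.
  name_prefix = "${var.general["name"]}-${var.general["env"]}"
}

# This data source fetches the project name, and provides the appropriate URLs to use for container registry for this project.
# https://www.terraform.io/docs/providers/google/d/google_container_registry_repository.html
data "google_container_registry_repository" "registry" {}

# Provides access to available Google Container Engine versions in a zone for a given project.
# Used as the fallback for the master/node versions when var.master has no "version" key.
# https://www.terraform.io/docs/providers/google/d/google_container_engine_versions.html
data "google_container_engine_versions" "engine_version" {
  location = "${var.general["location"]}"
}

# Manages a Node Pool resource within GKE
# https://www.terraform.io/docs/providers/google/r/container_node_pool.html
# One pool is created per element of var.node_pool. Every key of a pool map is
# optional; the fallback values below are the ones documented in variables.tf.
resource "google_container_node_pool" "new_container_cluster_node_pool" {
  count = "${length(var.node_pool)}"

  # var.general documents only name, env and location. Indexing it with a
  # missing "zone" key is a plan-time error in Terraform 0.11, so any module
  # call that declared a node pool failed. A caller-supplied "zone" is still
  # honoured (existing pool names are preserved); otherwise "location" is used,
  # which matches the cluster name below.
  name       = "${local.name_prefix}-${lookup(var.general, "zone", var.general["location"])}-pool-${count.index}"
  location   = "${var.general["location"]}"
  node_count = "${lookup(var.node_pool[count.index], "node_count", 3)}"
  cluster    = "${google_container_cluster.new_container_cluster.name}"

  node_config {
    disk_size_gb    = "${lookup(var.node_pool[count.index], "disk_size_gb", 10)}"
    disk_type       = "${lookup(var.node_pool[count.index], "disk_type", "pd-standard")}"
    image_type      = "${lookup(var.node_pool[count.index], "image", "COS")}"
    local_ssd_count = "${lookup(var.node_pool[count.index], "local_ssd_count", 0)}"
    machine_type    = "${lookup(var.node_pool[count.index], "machine_type", "n1-standard-1")}"

    # The default scope set includes the read/write "compute" scope. Scopes only
    # narrow what the node's service-account token may call; the IAM roles bound
    # to that service account are the other half of the boundary.
    oauth_scopes = "${split(",", lookup(var.node_pool[count.index], "oauth_scopes", "https://www.googleapis.com/auth/compute,https://www.googleapis.com/auth/devstorage.read_only,https://www.googleapis.com/auth/logging.write,https://www.googleapis.com/auth/monitoring"))}"
    preemptible  = "${lookup(var.node_pool[count.index], "preemptible", false)}"

    # "default" selects the project's Compute Engine default service account,
    # which is shared with every other VM in the project. Production pools
    # should pass a dedicated, least-privilege service account here.
    service_account = "${lookup(var.node_pool[count.index], "service_account", "default")}"

    # Labels, tags and metadata are module-wide (var.labels / var.tags /
    # var.metadata), not per-pool keys.
    labels   = "${var.labels}"
    tags     = "${var.tags}"
    metadata = "${var.metadata}"
  }

  autoscaling {
    min_node_count = "${lookup(var.node_pool[count.index], "min_node_count", 2)}"
    max_node_count = "${lookup(var.node_pool[count.index], "max_node_count", 3)}"
  }

  # Auto-repair and auto-upgrade default to on, so nodes follow the master
  # version and pick up patched images without manual intervention.
  management {
    auto_repair  = "${lookup(var.node_pool[count.index], "auto_repair", true)}"
    auto_upgrade = "${lookup(var.node_pool[count.index], "auto_upgrade", true)}"
  }
}

# Creates a Google Kubernetes Engine (GKE) cluster
# https://www.terraform.io/docs/providers/google/r/container_cluster.html
# Keys of var.master and var.default_node_pool are optional; see variables.tf
# for the full list and the defaults applied below.
resource "google_container_cluster" "new_container_cluster" {
  name        = "${local.name_prefix}-${var.general["location"]}-master"
  description = "Kubernetes ${var.general["name"]} in ${var.general["location"]}"
  location    = "${var.general["location"]}"

  network                  = "${lookup(var.master, "network", "default")}"
  subnetwork               = "${lookup(var.master, "subnetwork", "default")}"
  additional_zones         = ["${var.node_additional_zones}"]
  initial_node_count       = "${lookup(var.default_node_pool, "node_count", 2)}"
  remove_default_node_pool = "${lookup(var.default_node_pool, "remove", false)}"

  addons_config {
    horizontal_pod_autoscaling {
      disabled = "${lookup(var.master, "disable_horizontal_pod_autoscaling", false)}"
    }

    http_load_balancing {
      disabled = "${lookup(var.master, "disable_http_load_balancing", false)}"
    }

    # The dashboard add-on stays enabled unless the caller opts out. It is an
    # additional privileged in-cluster UI; set disable_kubernetes_dashboard = true
    # when it is not actually used.
    kubernetes_dashboard {
      disabled = "${lookup(var.master, "disable_kubernetes_dashboard", false)}"
    }

    # NetworkPolicy enforcement is OFF by default (disabled = true): pods can
    # reach each other freely until disable_network_policy_config = false is set.
    network_policy_config {
      disabled = "${lookup(var.master, "disable_network_policy_config", true)}"
    }
  }

  # cluster_ipv4_cidr - default
  enable_kubernetes_alpha = "${lookup(var.master, "enable_kubernetes_alpha", false)}"

  # Legacy ABAC stays off by default so RBAC is the only authorization mode.
  enable_legacy_abac   = "${lookup(var.master, "enable_legacy_abac", false)}"
  ip_allocation_policy = "${var.ip_allocation_policy}"

  maintenance_policy {
    daily_maintenance_window {
      start_time = "${lookup(var.master, "maintenance_window", "04:30")}"
    }
  }

  # master_authorized_networks_config is not set by this module, so the
  # control-plane endpoint accepts connections from any source address and is
  # protected by its credentials alone. Callers that need an IP-restricted API
  # server must add that block in a wrapper.
  min_master_version = "${lookup(var.master, "version", data.google_container_engine_versions.engine_version.latest_master_version)}"
  node_version       = "${lookup(var.master, "version", data.google_container_engine_versions.engine_version.latest_node_version)}"

  # Monitoring defaults to "none" while logging goes to Stackdriver. Both feed
  # detection, so set monitoring_service explicitly for production clusters.
  monitoring_service = "${lookup(var.master, "monitoring_service", "none")}"
  logging_service    = "${lookup(var.master, "logging_service", "logging.googleapis.com")}"

  # Configuration of the default pool (the one GKE creates with the cluster).
  node_config {
    disk_size_gb    = "${lookup(var.default_node_pool, "disk_size_gb", 10)}"
    disk_type       = "${lookup(var.default_node_pool, "disk_type", "pd-standard")}"
    image_type      = "${lookup(var.default_node_pool, "image", "COS")}"
    local_ssd_count = "${lookup(var.default_node_pool, "local_ssd_count", 0)}"
    machine_type    = "${lookup(var.default_node_pool, "machine_type", "n1-standard-1")}"
    # min_cpu_platform - disable (useless)

    # BUG Provider - recreate loop
    # guest_accelerator {
    #   count = "${lookup(var.master, "gpus_number", 0)}"
    #   type  = "${lookup(var.master, "gpus_type", "nvidia-tesla-k80")}"
    # }

    # Same scope and service-account considerations as the extra node pools
    # above: the default scopes include read/write "compute", and "default" is
    # the shared Compute Engine default service account.
    oauth_scopes    = ["${split(",", lookup(var.default_node_pool, "oauth_scopes", "https://www.googleapis.com/auth/compute,https://www.googleapis.com/auth/devstorage.read_only,https://www.googleapis.com/auth/logging.write,https://www.googleapis.com/auth/monitoring"))}"]
    preemptible     = "${lookup(var.default_node_pool, "preemptible", false)}"
    service_account = "${lookup(var.default_node_pool, "service_account", "default")}"
    labels          = "${var.labels}"
    tags            = "${var.tags}"
    metadata        = "${var.metadata}"
  }
}

--------------------------------------------------------------------------------
/outputs.tf:
--------------------------------------------------------------------------------
output "master_version" {
  value       = "${google_container_cluster.new_container_cluster.master_version}"
  description = "The current version of the master in the cluster."
}

output "endpoint" {
  value       = "${google_container_cluster.new_container_cluster.endpoint}"
  description = "The IP address of this cluster's Kubernetes master"
}

output "instance_group_urls" {
  value       = "${google_container_cluster.new_container_cluster.instance_group_urls}"
  description = "List of instance group URLs which have been assigned to the cluster"
}

output "maintenance_window" {
  value       = "${google_container_cluster.new_container_cluster.maintenance_policy.0.daily_maintenance_window.0.duration}"
  description = "Duration of the time window, automatically chosen to be smallest possible in the given scenario. Duration will be in RFC3339 format PTnHnMnS"
}

# The master_auth outputs below may be empty on recent clusters: the CHANGELOG
# (v1.19.1) records that the module's authentication block was removed because
# client certificates are auto-disabled from Kubernetes 1.12 onwards.
output "client_key" {
  value       = "${google_container_cluster.new_container_cluster.master_auth.0.client_key}"
  description = "Base64 encoded private key used by clients to authenticate to the cluster endpoint"

  # Private key material: keep it out of `terraform output` and plan/apply
  # logs. It is still stored in the state file, so the state backend must be
  # protected accordingly.
  sensitive = true
}

output "client_certificate" {
  value       = "${google_container_cluster.new_container_cluster.master_auth.0.client_certificate}"
  description = "Base64 encoded public certificate used by clients to authenticate to the cluster endpoint"
}

output "cluster_ca_certificate" {
  value       = "${google_container_cluster.new_container_cluster.master_auth.0.cluster_ca_certificate}"
  description = "Base64 encoded public certificate that is the root of trust for the cluster"
}

output "cluster_name" {
  value       = "${google_container_cluster.new_container_cluster.name}"
  description = "The full name of this Kubernetes cluster"
}

output "gcr_url" {
  value       = "${data.google_container_registry_repository.registry.repository_url}"
  description = "This data source fetches the project name, and provides the appropriate URLs to use for container registry for this project"
}

--------------------------------------------------------------------------------
/variables.tf:
--------------------------------------------------------------------------------
# For more details please see the following pages :
# https://www.terraform.io/docs/providers/google/r/container_cluster.html
# https://www.terraform.io/docs/providers/google/r/container_node_pool.html
# https://www.terraform.io/docs/providers/google/d/google_container_engine_versions.html
# https://www.terraform.io/docs/providers/google/d/google_container_registry_repository.html

##########################
###        GKE         ###
##########################

# Parameters authorized:
#   name     (mandatory)
#   location (mandatory)
#   env      (mandatory)
#   zone     (optional; only used in node pool names, defaults to location)
variable "general" {
  type        = "map"
  description = "Global parameters"
}

# Parameters authorized (all optional):
#   network                            (default: default)
#   subnetwork                         (default: default)
#   disable_horizontal_pod_autoscaling (default: false)
#   disable_http_load_balancing        (default: false)
#   disable_kubernetes_dashboard       (default: false)
#   disable_network_policy_config      (default: true)
#   enable_kubernetes_alpha            (default: false)
#   enable_legacy_abac                 (default: false)
#   maintenance_window                 (default: 04:30)
#   version                            (default: latest version from the engine_version data source)
#   monitoring_service                 (default: none)
#   logging_service                    (default: logging.googleapis.com)
variable "master" {
  type        = "map"
  description = "Kubernetes master parameters to initialize"
}

# Parameters authorized (all optional):
#   node_count      (default: 2)
#   remove          (default: false)
#   disk_size_gb    (default: 10)
#   disk_type       (default: pd-standard)
#   image           (default: COS)
#   local_ssd_count (default: 0)
#   oauth_scopes    (default: https://www.googleapis.com/auth/compute,https://www.googleapis.com/auth/devstorage.read_only,https://www.googleapis.com/auth/logging.write,https://www.googleapis.com/auth/monitoring)
#   machine_type    (default: n1-standard-1)
#   preemptible     (default: false)
#   service_account (default: default)
# labels, tags and metadata come from the module-level variables of the same name.
variable "default_node_pool" {
  type        = "map"
  default     = {}
  description = "Default pool setting"
}

# Parameters authorized (all optional, one map per pool):
#   node_count      (default: 3)
#   machine_type    (default: n1-standard-1)
#   disk_size_gb    (default: 10)
#   disk_type       (default: pd-standard)
#   image           (default: COS)
#   preemptible     (default: false)
#   local_ssd_count (default: 0)
#   oauth_scopes    (default: https://www.googleapis.com/auth/compute,https://www.googleapis.com/auth/devstorage.read_only,https://www.googleapis.com/auth/logging.write,https://www.googleapis.com/auth/monitoring)
#   service_account (default: default)
#   min_node_count  (default: 2)
#   max_node_count  (default: 3)
#   auto_repair     (default: true)
#   auto_upgrade    (default: true)
# labels, tags and metadata come from the module-level variables of the same name.
variable "node_pool" {
  type        = "list"
  default     = []
  description = "Node pool setting to create"
}

# https://www.terraform.io/docs/providers/google/r/container_cluster.html#tags
variable "tags" {
  type        = "list"
  default     = []
  description = "The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls"
}

# https://www.terraform.io/docs/providers/google/r/container_cluster.html#labels
variable "labels" {
  description = "The Kubernetes labels (key/value pairs) to be applied to each node"
  type        = "map"
  default     = {}
}

# https://www.terraform.io/docs/providers/google/r/container_cluster.html#metadata
variable "metadata" {
  description = "The metadata key/value pairs assigned to instances in the cluster"
  type        = "map"
  default     = {}
}

##########################
###      NODE GKE      ###
##########################

# https://www.terraform.io/docs/providers/google/r/container_cluster.html#additional_zones
variable "node_additional_zones" {
  type        = "list"
  default     = []
  description = "The list of additional Google Compute Engine locations in which the cluster's nodes should be located. If additional zones are configured, the number of nodes specified in initial_node_count is created in all specified zones"
}

# https://www.terraform.io/docs/providers/google/r/container_cluster.html#ip_allocation_policy
variable "ip_allocation_policy" {
  type        = "list"
  default     = []
  description = "Configuration for cluster IP allocation. As of now, only pre-allocated subnetworks (custom type with secondary ranges) are supported"
}

--------------------------------------------------------------------------------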