├── .github ├── conventional-commit-lint.yaml ├── release-please.yml ├── renovate.json ├── trusted-contribution.yml └── workflows │ ├── lint.yaml │ └── stale.yml ├── .gitignore ├── CHANGELOG.md ├── CODEOWNERS ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── README.md ├── autogen ├── main │ ├── README.md │ ├── cluster.tf.tmpl │ ├── dns.tf.tmpl │ ├── firewall.tf.tmpl │ ├── main.tf.tmpl │ ├── masq.tf.tmpl │ ├── moved.tf.tmpl │ ├── networks.tf.tmpl │ ├── outputs.tf.tmpl │ ├── sa.tf.tmpl │ ├── scripts │ │ └── delete-default-resource.sh │ ├── variables.tf.tmpl │ ├── variables_defaults.tf.tmpl │ └── versions.tf.tmpl └── safer-cluster │ ├── README.md │ ├── main.tf.tmpl │ ├── outputs.tf.tmpl │ ├── variables.tf.tmpl │ └── versions.tf.tmpl ├── autogen_modules.json ├── build └── int.cloudbuild.yaml ├── cluster.tf ├── dns.tf ├── docs ├── private_clusters.md ├── upgrading_to_v10.0.md ├── upgrading_to_v11.0.md ├── upgrading_to_v12.0.md ├── upgrading_to_v13.0.md ├── upgrading_to_v14.0.md ├── upgrading_to_v16.0.md ├── upgrading_to_v19.0.md ├── upgrading_to_v2.0.md ├── upgrading_to_v20.0.md ├── upgrading_to_v21.0.md ├── upgrading_to_v24.0.md ├── upgrading_to_v25.0.md ├── upgrading_to_v26.0.md ├── upgrading_to_v29.0.md ├── upgrading_to_v3.0.md ├── upgrading_to_v30.0.md ├── upgrading_to_v31.0.md ├── upgrading_to_v33.0.md ├── upgrading_to_v34.0.md ├── upgrading_to_v35.0.md ├── upgrading_to_v36.0.md ├── upgrading_to_v37.0.md ├── upgrading_to_v5.0.md ├── upgrading_to_v6.0.md ├── upgrading_to_v7.0.md ├── upgrading_to_v8.0.md └── upgrading_to_v9.0.md ├── examples ├── acm-terraform-blog-part1 │ ├── README.md │ ├── config-root │ │ └── wordpress-bundle.yaml │ └── terraform │ │ ├── gke.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── terraform.tfvars │ │ └── variables.tf ├── acm-terraform-blog-part2 │ ├── README.md │ ├── config-root │ │ ├── audit-config.yaml │ │ ├── cis-k8s-1.5.1 │ │ │ ├── 5.1.1_restrict-clusteradmin-rolebindings.yaml │ │ │ ├── 
5.1.3_prohibit-role-wildcard-access.yaml │ │ │ ├── 5.2.1_psp-privileged-container.yaml │ │ │ ├── 5.2.2-5.2.3_psp-host-namespace.yaml │ │ │ ├── 5.2.4_psp-host-network-ports.yaml │ │ │ ├── 5.2.5_psp-allow-privilege-escalation-container.yaml │ │ │ ├── 5.2.6_psp-restrict_root_containers.yaml │ │ │ ├── 5.2.7-5.2.8-5.2.9_psp-capabilities.yaml │ │ │ ├── 5.3.2_require-namespace-network-policies.yaml │ │ │ ├── 5.4.1_no-secrets-as-env-vars.yaml │ │ │ ├── 5.7.2_seccomp-docker-default.yaml │ │ │ ├── 5.7.3_pods-require-security-context.yaml │ │ │ ├── 5.7.4_restrict-default-namespace.yaml │ │ │ ├── Kptfile │ │ │ └── README.md │ │ └── wordpress-bundle.yaml │ └── terraform │ │ ├── gke.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── terraform.tfvars │ │ └── variables.tf ├── acm-terraform-blog-part3 │ ├── README.md │ ├── config-root │ │ ├── Kptfile │ │ ├── audit-config.yaml │ │ ├── cis-k8s-1.5.1 │ │ │ ├── 5.1.1_restrict-clusteradmin-rolebindings.yaml │ │ │ ├── 5.1.3_prohibit-role-wildcard-access.yaml │ │ │ ├── 5.2.1_psp-privileged-container.yaml │ │ │ ├── 5.2.2-5.2.3_psp-host-namespace.yaml │ │ │ ├── 5.2.4_psp-host-network-ports.yaml │ │ │ ├── 5.2.5_psp-allow-privilege-escalation-container.yaml │ │ │ ├── 5.2.6_psp-restrict_root_containers.yaml │ │ │ ├── 5.2.7-5.2.8-5.2.9_psp-capabilities.yaml │ │ │ ├── 5.3.2_require-namespace-network-policies.yaml │ │ │ ├── 5.4.1_no-secrets-as-env-vars.yaml │ │ │ ├── 5.7.2_seccomp-docker-default.yaml │ │ │ ├── 5.7.3_pods-require-security-context.yaml │ │ │ ├── 5.7.4_restrict-default-namespace.yaml │ │ │ ├── Kptfile │ │ │ └── README.md │ │ ├── configconnector.yaml │ │ └── wordpress-bundle.yaml │ └── terraform │ │ ├── gke.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── terraform.tfvars │ │ └── variables.tf ├── autopilot_private_firewalls │ ├── README.md │ ├── main.tf │ ├── network.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── confidential_safer_cluster │ ├── README.md │ ├── kms.tf │ ├── main.tf │ 
├── network.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── deploy_service │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── disable_client_cert │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── island_cluster_anywhere_in_gcp_design │ ├── README.md │ ├── main.tf │ ├── manifests │ │ └── k8s.yaml │ ├── network.tf │ ├── outputs.tf │ ├── router.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── island_cluster_with_vm_router │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── router.tf │ ├── terraform.tfvars │ ├── vars.tf │ └── versions.tf ├── node_pool │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── node_pool_update_variant │ ├── README.md │ ├── data │ │ └── shutdown-script.sh │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── node_pool_update_variant_beta │ ├── README.md │ ├── data │ │ └── shutdown-script.sh │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── node_pool_update_variant_public_beta │ ├── README.md │ ├── data │ │ └── shutdown-script.sh │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── private_zonal_with_networking │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── regional_private_node_pool_oauth_scopes │ ├── README.md │ ├── main.tf │ ├── network.tf │ ├── outputs.tf │ ├── provider.tf │ ├── variables.tf │ └── versions.tf ├── safer_cluster │ ├── README.md │ ├── main.tf │ ├── network.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── safer_cluster_iap_bastion │ ├── README.md │ ├── apis.tf │ ├── bastion.tf │ ├── cluster.tf │ ├── kms.tf │ ├── network.tf │ ├── outputs.tf │ ├── provider.tf │ ├── templates │ │ └── startup-script.tftpl │ ├── variables.tf │ └── versions.tf ├── 
shared_vpc │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── simple_autopilot_private │ ├── README.md │ ├── main.tf │ ├── network.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── simple_autopilot_private_cmek │ ├── README.md │ ├── main.tf │ ├── network.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── simple_autopilot_private_non_default_sa │ ├── README.md │ ├── main.tf │ ├── network.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── simple_autopilot_public │ ├── README.md │ ├── main.tf │ ├── network.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── simple_fleet_app_operator_permissions │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── simple_regional │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── simple_regional_beta │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── simple_regional_cluster_autoscaling │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── simple_regional_private │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── simple_regional_private_beta │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── simple_regional_private_with_cluster_version │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── simple_regional_with_gateway_api │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── simple_regional_with_ipv6 │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── simple_regional_with_kubeconfig │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ 
├── variables.tf │ └── versions.tf ├── simple_regional_with_networking │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── simple_windows_node_pool │ ├── README.md │ ├── main.tf │ ├── network.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── simple_zonal_private │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── simple_zonal_with_hub │ ├── README.md │ ├── hub.tf │ ├── main.tf │ ├── network.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── simple_zonal_with_hub_kubeconfig │ ├── README.md │ ├── hub.tf │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── stub_domains │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── stub_domains_private │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── stub_domains_upstream_nameservers │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── upstream_nameservers │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── workload_identity │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf └── workload_metadata_config │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── test_outputs.tf │ ├── variables.tf │ └── versions.tf ├── firewall.tf ├── helpers ├── migrate.py └── migrate7.py ├── main.tf ├── masq.tf ├── metadata.display.yaml ├── metadata.yaml ├── modules ├── auth │ ├── README.md │ ├── main.tf │ ├── metadata.display.yaml │ ├── metadata.yaml │ ├── outputs.tf │ ├── templates │ │ └── kubeconfig-template.yaml.tpl │ ├── variables.tf │ └── versions.tf ├── beta-autopilot-private-cluster │ ├── README.md │ ├── cluster.tf │ ├── dns.tf │ ├── firewall.tf │ ├── main.tf │ ├── masq.tf │ ├── metadata.display.yaml │ ├── 
metadata.yaml │ ├── moved.tf │ ├── networks.tf │ ├── outputs.tf │ ├── sa.tf │ ├── scripts │ │ ├── delete-default-resource.sh │ │ └── kubectl_wrapper.sh │ ├── variables.tf │ ├── variables_defaults.tf │ └── versions.tf ├── beta-autopilot-public-cluster │ ├── README.md │ ├── cluster.tf │ ├── dns.tf │ ├── firewall.tf │ ├── main.tf │ ├── masq.tf │ ├── metadata.display.yaml │ ├── metadata.yaml │ ├── moved.tf │ ├── networks.tf │ ├── outputs.tf │ ├── sa.tf │ ├── scripts │ │ ├── delete-default-resource.sh │ │ └── kubectl_wrapper.sh │ ├── variables.tf │ ├── variables_defaults.tf │ └── versions.tf ├── beta-private-cluster-update-variant │ ├── README.md │ ├── cluster.tf │ ├── dns.tf │ ├── firewall.tf │ ├── main.tf │ ├── masq.tf │ ├── metadata.display.yaml │ ├── metadata.yaml │ ├── moved.tf │ ├── networks.tf │ ├── outputs.tf │ ├── sa.tf │ ├── scripts │ │ └── delete-default-resource.sh │ ├── variables.tf │ ├── variables_defaults.tf │ └── versions.tf ├── beta-private-cluster │ ├── README.md │ ├── cluster.tf │ ├── dns.tf │ ├── firewall.tf │ ├── main.tf │ ├── masq.tf │ ├── metadata.display.yaml │ ├── metadata.yaml │ ├── moved.tf │ ├── networks.tf │ ├── outputs.tf │ ├── sa.tf │ ├── scripts │ │ └── delete-default-resource.sh │ ├── variables.tf │ ├── variables_defaults.tf │ └── versions.tf ├── beta-public-cluster-update-variant │ ├── README.md │ ├── cluster.tf │ ├── dns.tf │ ├── firewall.tf │ ├── main.tf │ ├── masq.tf │ ├── metadata.display.yaml │ ├── metadata.yaml │ ├── moved.tf │ ├── networks.tf │ ├── outputs.tf │ ├── sa.tf │ ├── scripts │ │ └── delete-default-resource.sh │ ├── variables.tf │ ├── variables_defaults.tf │ └── versions.tf ├── beta-public-cluster │ ├── README.md │ ├── cluster.tf │ ├── dns.tf │ ├── firewall.tf │ ├── main.tf │ ├── masq.tf │ ├── metadata.display.yaml │ ├── metadata.yaml │ ├── moved.tf │ ├── networks.tf │ ├── outputs.tf │ ├── sa.tf │ ├── scripts │ │ └── delete-default-resource.sh │ ├── variables.tf │ ├── variables_defaults.tf │ └── versions.tf ├── 
binary-authorization │ ├── README.md │ ├── main.tf │ ├── metadata.display.yaml │ ├── metadata.yaml │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── fleet-app-operator-permissions │ ├── README.md │ ├── main.tf │ ├── metadata.display.yaml │ ├── metadata.yaml │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── fleet-membership │ ├── README.md │ ├── main.tf │ ├── membership.tf │ ├── metadata.display.yaml │ ├── metadata.yaml │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── hub-legacy │ ├── README.md │ ├── main.tf │ ├── metadata.display.yaml │ ├── metadata.yaml │ ├── outputs.tf │ ├── scripts │ │ ├── gke_hub_registration.sh │ │ └── gke_hub_unregister.sh │ ├── variables.tf │ └── versions.tf ├── private-cluster-update-variant │ ├── README.md │ ├── cluster.tf │ ├── dns.tf │ ├── firewall.tf │ ├── main.tf │ ├── masq.tf │ ├── metadata.display.yaml │ ├── metadata.yaml │ ├── moved.tf │ ├── networks.tf │ ├── outputs.tf │ ├── sa.tf │ ├── scripts │ │ └── delete-default-resource.sh │ ├── variables.tf │ ├── variables_defaults.tf │ └── versions.tf ├── private-cluster │ ├── README.md │ ├── cluster.tf │ ├── dns.tf │ ├── firewall.tf │ ├── main.tf │ ├── masq.tf │ ├── metadata.display.yaml │ ├── metadata.yaml │ ├── moved.tf │ ├── networks.tf │ ├── outputs.tf │ ├── sa.tf │ ├── scripts │ │ └── delete-default-resource.sh │ ├── variables.tf │ ├── variables_defaults.tf │ └── versions.tf ├── safer-cluster-update-variant │ ├── README.md │ ├── main.tf │ ├── metadata.display.yaml │ ├── metadata.yaml │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── safer-cluster │ ├── README.md │ ├── main.tf │ ├── metadata.display.yaml │ ├── metadata.yaml │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── services │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf └── workload-identity │ ├── README.md │ ├── main.tf │ ├── metadata.display.yaml │ ├── metadata.yaml │ ├── output.tf │ ├── variables.tf │ └── versions.tf ├── moved.tf ├── networks.tf ├── outputs.tf ├── 
sa.tf ├── scripts └── delete-default-resource.sh ├── test ├── .gitignore ├── fixtures │ ├── autopilot_private_firewalls │ │ ├── example.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── beta_cluster │ │ ├── main.tf │ │ ├── network.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── confidential_safer_cluster │ │ ├── example.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── deploy_service │ │ ├── example.tf │ │ ├── network.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── disable_client_cert │ │ ├── example.tf │ │ ├── network.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── node_pool │ │ ├── example.tf │ │ ├── network.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── node_pool_update_variant │ │ ├── example.tf │ │ ├── network.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── private_zonal_with_networking │ │ ├── example.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── safer_cluster │ │ ├── example.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── safer_cluster_iap_bastion │ │ ├── example.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── sandbox_enabled │ │ ├── example.tf │ │ ├── network.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── shared_vpc │ │ ├── example.tf │ │ ├── network.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── simple_autopilot_private │ │ ├── example.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── simple_autopilot_public │ │ ├── example.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── simple_fleet_app_operator_permissions │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── simple_regional │ │ ├── example.tf │ │ ├── network.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── simple_regional_cluster_autoscaling │ │ ├── example.tf │ │ ├── network.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── simple_regional_private │ │ ├── example.tf │ │ ├── network.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── simple_regional_private_with_cluster_version │ │ ├── example.tf │ │ ├── network.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── 
simple_regional_with_gateway_api │ │ ├── example.tf │ │ ├── network.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── simple_regional_with_ipv6 │ │ ├── example.tf │ │ ├── network.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── simple_regional_with_kubeconfig │ │ ├── example.tf │ │ ├── network.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── simple_regional_with_networking │ │ ├── example.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── simple_windows_node_pool │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── simple_zonal_private │ │ ├── example.tf │ │ ├── network.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── stub_domains │ │ ├── example.tf │ │ ├── network.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── stub_domains_private │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── stub_domains_upstream_nameservers │ │ ├── example.tf │ │ ├── network.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── upstream_nameservers │ │ ├── example.tf │ │ ├── network.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── workload_identity │ │ ├── example.tf │ │ ├── network.tf │ │ ├── outputs.tf │ │ └── variables.tf │ └── workload_metadata_config │ │ ├── example.tf │ │ ├── network.tf │ │ ├── outputs.tf │ │ └── variables.tf ├── integration │ ├── autopilot_private_firewalls │ │ ├── autopilot_private_firewalls_test.go │ │ └── testdata │ │ │ └── TestAutopilotPrivateFirewalls.json │ ├── beta_cluster │ │ ├── beta_cluster_test.go │ │ └── testdata │ │ │ └── TestBetaCluster.json │ ├── confidential_safer_cluster │ │ ├── confidential_safer_cluster_test.go │ │ └── testdata │ │ │ └── TestConfidentialSaferCluster.json │ ├── deploy_service │ │ └── deploy_service_test.go │ ├── disable_client_cert │ │ ├── disable_client_cert_test.go │ │ └── testdata │ │ │ └── TestDisableClientCert.json │ ├── discover_test.go │ ├── go.mod │ ├── go.sum │ ├── node_pool │ │ ├── node_pool_test.go │ │ └── testdata │ │ │ └── TestNodePool.json │ ├── private_zonal_with_networking │ │ ├── 
private_zonal_with_networking_test.go │ │ └── testdata │ │ │ └── TestPrivateZonalWithNetworking.json │ ├── safer_cluster │ │ ├── safer_cluster_test.go │ │ └── testdata │ │ │ └── TestSaferCluster.json │ ├── safer_cluster_iap_bastion │ │ └── safer_cluster_iap_bastion_test.go │ ├── sandbox_enabled │ │ ├── sandbox_enabled_test.go │ │ └── testdata │ │ │ └── TestSandboxEnabled.json │ ├── shared_vpc │ │ └── shared_vpc_test.go │ ├── simple_autopilot_private │ │ ├── simple_autopilot_private_test.go │ │ └── testdata │ │ │ └── TestSimpleAutopilotPrivate.json │ ├── simple_autopilot_private_cmek │ │ └── simple_autopilot_private_cmek_test.go │ ├── simple_autopilot_private_non_default_sa │ │ └── simple_autopilot_private_non_default_sa_test.go │ ├── simple_autopilot_public │ │ ├── simple_autopiliot_public_test.go │ │ └── testdata │ │ │ └── TestSimpleAutopilotPublic.json │ ├── simple_fleet_app_operator_permissions │ │ └── simple_fleet_app_operator_permissions_test.go │ ├── simple_regional │ │ ├── simple_regional_test.go │ │ └── testdata │ │ │ └── TestSimpleRegional.json │ ├── simple_regional_cluster_autoscaling │ │ ├── simple_regional_cluster_autoscaling_test.go │ │ └── testdata │ │ │ └── TestSimpleRegionalClusterAutoscaling.json │ ├── simple_regional_private │ │ ├── simple_regional_private_test.go │ │ └── testdata │ │ │ └── TestSimpleRegionalPrivate.json │ ├── simple_regional_with_gateway_api │ │ ├── simple_regional_with_gateway_api_test.go │ │ └── testdata │ │ │ └── TestSimpleRegionalWithGatewayAPI.json │ ├── simple_regional_with_ipv6 │ │ ├── simple_regional_with_ipv6_test.go │ │ └── testdata │ │ │ └── TestSimpleRegionalWithIPV6.json │ ├── simple_regional_with_kubeconfig │ │ ├── simple_regional_with_kubeconfig_test.go │ │ └── testdata │ │ │ └── TestSimpleRegionalWithKubeConfig.json │ ├── simple_regional_with_networking │ │ ├── simple_regional_with_networking_test.go │ │ └── testdata │ │ │ └── TestSimpleRegionalWithNetworking.json │ ├── simple_windows_node_pool │ │ ├── 
simple_windows_node_pool_test.go │ │ └── testdata │ │ │ └── TestSimpleWindowsNodePool.json │ ├── simple_zonal_private │ │ ├── simple_zonal_private_test.go │ │ └── testdata │ │ │ └── TestSimpleZonalPrivate.json │ ├── stub_domains │ │ ├── stub_domains_test.go │ │ └── testdata │ │ │ └── TestStubDomains.json │ ├── stub_domains_private │ │ ├── stub_domains_private_test.go │ │ └── testdata │ │ │ └── TestStubDomainsPrivate.json │ ├── stub_domains_upstream_nameservers │ │ ├── stub_domains_upstream_nameservers_test.go │ │ └── testdata │ │ │ └── TestStubDomainsUpstreamNameservers.json │ ├── testutils │ │ └── utils.go │ ├── upstream_nameservers │ │ ├── testdata │ │ │ └── TestUpstreamNameservers.json │ │ └── upstream_nameservers_test.go │ ├── workload_identity │ │ └── workload_identity_test.go │ └── workload_metadata_config │ │ ├── testdata │ │ └── TestWorkloadMetadataConfig.json │ │ └── workload_metadata_config_test.go └── setup │ ├── .gitignore │ ├── iam.tf │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── variables.tf ├── variables_defaults.tf └── versions.tf /.github/conventional-commit-lint.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022-2025 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | # NOTE: This file is automatically generated from: 16 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/github 17 | 18 | enabled: true 19 | always_check_pr_title: true 20 | -------------------------------------------------------------------------------- /.github/release-please.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | releaseType: terraform-module 16 | handleGHRelease: true 17 | -------------------------------------------------------------------------------- /.github/renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "extends": ["github>GoogleCloudPlatform/cloud-foundation-toolkit//infra/terraform/test-org/github/resources/renovate"] 4 | } 5 | -------------------------------------------------------------------------------- /.github/trusted-contribution.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2023-2025 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # NOTE: This file is automatically generated from: 16 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/github 17 | 18 | annotations: 19 | - type: comment 20 | text: "/gcbrun" 21 | trustedContributors: 22 | - release-please[bot] 23 | - renovate[bot] 24 | - renovate-bot 25 | - forking-renovate[bot] 26 | - dependabot[bot] 27 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # OSX leaves these everywhere on SMB shares 2 | ._* 3 | 4 | # OSX trash 5 | .DS_Store 6 | 7 | # Python 8 | *.pyc 9 | 10 | # Emacs save files 11 | *~ 12 | \#*\# 13 | .\#* 14 | 15 | # Vim-related files 16 | [._]*.s[a-w][a-z] 17 | [._]s[a-w][a-z] 18 | *.un~ 19 | Session.vim 20 | .netrwhist 21 | 22 | # IntelliJ IDEA files: 23 | .idea/ 24 | 25 | # Visual Studio Code files: 26 | .vscode/ 27 | 28 | ### https://raw.github.com/github/gitignore/90f149de451a5433aebd94d02d11b0e28843a1af/Terraform.gitignore 29 | 30 | # Local .terraform directories 31 | **/.terraform/* 32 | 33 | # .tfstate files 34 | *.tfstate 35 | *.tfstate.* 36 | 37 | # tf lock file 38 | .terraform.lock.hcl 39 | 40 | # Top level lock used by the test tooling 41 | /.terraform.lock 42 | 43 | # Crash log files 44 | crash.log 45 | 46 | # Kitchen files 47 | **/inspec.lock 48 | **.gem 49 | **/.kitchen 50 | **/.kitchen.local.yml 51 | **/Gemfile.lock 52 | 53 | test/fixtures/shared/terraform.tfvars 54 | 55 | 
test/integration/gcloud/config.sh 56 | test/integration/tmp 57 | 58 | credentials.json 59 | 60 | # File to populate env vars used by Docker test runs 61 | .envrc 62 | 63 | # ignore generated ASM yamls in /workspace/test/fixtures/simple_zonal_with_asm 64 | # as it is a test in a production scenario these files are expected to be checked in 65 | /test/fixtures/simple_zonal_with_asm/asm-dir 66 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | # NOTE: This file is automatically generated from values at: 2 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/org/locals.tf 3 | 4 | * @terraform-google-modules/cft-admins @apeabody @ericyz 5 | 6 | # NOTE: GitHub CODEOWNERS locations: 7 | # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-and-branch-protection 8 | 9 | CODEOWNERS @terraform-google-modules/cft-admins 10 | .github/CODEOWNERS @terraform-google-modules/cft-admins 11 | docs/CODEOWNERS @terraform-google-modules/cft-admins 12 | 13 | -------------------------------------------------------------------------------- /autogen/main/networks.tf.tmpl: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | {{ autogeneration_note }} 18 | 19 | data "google_compute_subnetwork" "gke_subnetwork" { 20 | provider = google 21 | 22 | count = var.add_cluster_firewall_rules ? 1 : 0 23 | name = var.subnetwork 24 | region = local.region 25 | project = local.network_project_id 26 | } 27 | 28 | {% if private_cluster %} 29 | data "google_compute_subnetwork" "private_endpoint_subnetwork" { 30 | provider = google 31 | 32 | count = var.private_endpoint_subnetwork != null ? 1 : 0 33 | name = var.private_endpoint_subnetwork 34 | region = local.region 35 | project = local.network_project_id 36 | } 37 | {% endif %} 38 | -------------------------------------------------------------------------------- /autogen/safer-cluster/versions.tf.tmpl: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | {{ autogeneration_note }} 18 | 19 | {% set module_path_str = module_path|string %} 20 | {% set module_registry_name = module_path_str.split('/')[-1] %} 21 | 22 | terraform { 23 | required_version = ">=1.3" 24 | 25 | provider_meta "google-beta" { 26 | module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v36.3.0" 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /docs/upgrading_to_v16.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to v16.0 2 | 3 | The v16.0 release of *kubernetes-engine* is a backwards incompatible release. 4 | 5 | ### cluster_autoscaling modified 6 | The `cluster_autoscaling` variable has been modified to require a `gpu_resources` value. If you have enabled `cluster_autoscaling` and do not require `gpu_resources`, you can set it to an empty list as shown below. 7 | 8 | ```diff 9 | module "gke" { 10 | source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" 11 | - version = "~> 15.0" 12 | + version = "~> 16.0" 13 | 14 | cluster_autoscaling = { 15 | enabled = true 16 | autoscaling_profile = "BALANCED" 17 | min_cpu_cores = 1 18 | max_cpu_cores = 100 19 | min_memory_gb = 1 20 | max_memory_gb = 1000 21 | + gpu_resources = [] 22 | } 23 | } 24 | ``` 25 | -------------------------------------------------------------------------------- /docs/upgrading_to_v26.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to v26.0 2 | The v26.0 release of *kubernetes-engine* is a backwards incompatible 3 | release. 4 | 5 | ### release_channel now defaults to REGULAR 6 | 7 | For all clusters `release_channel` now defaults to `REGULAR`; this was already 8 | the default for safer_cluster variants. 9 | 10 | To opt out of using a release channel, set `release_channel` to `"UNSPECIFIED"`. Be aware that a cluster with no release channel is no longer kept on a channel's upgrade cadence, so you take on responsibility for tracking GKE version and security updates and scheduling upgrades yourself. 
11 | 12 | ```diff 13 | module "gke" { 14 | - source = "terraform-google-modules/kubernetes-engine" 15 | - version = "~> 25.0" 16 | + source = "terraform-google-modules/kubernetes-engine" 17 | + version = "~> 26.0" 18 | ... 19 | + release_channel = "UNSPECIFIED" 20 | } 21 | ``` 22 | -------------------------------------------------------------------------------- /docs/upgrading_to_v30.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to v30.0 2 | The v30.0 release of *kubernetes-engine* is a backwards incompatible 3 | release. 4 | 5 | ### Default cluster service account permissions modified 6 | 7 | When `create_service_account` is `true`, the service account will now be created with the `Kubernetes Engine Default Node Service Account` role instead of the `Kubernetes Engine Node Service Account` role, which is now deprecated. 8 | This is the Google-recommended least-privilege role for the service account attached to GKE nodes. Because it is deliberately more restrictive, re-verify after upgrading that any workload or node-level integration that relied on permissions of the deprecated role still works; if something is missing, grant the specific permission explicitly rather than reverting to the broader role. 9 | -------------------------------------------------------------------------------- /docs/upgrading_to_v31.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to v31.0 2 | The v31.0 release of *kubernetes-engine* is a backwards incompatible release. 3 | 4 | ### Google Cloud Platform Provider upgrade 5 | The Terraform Kubernetes Engine Module now requires version 5.25 or higher of the Google Cloud Platform Providers. 6 | -------------------------------------------------------------------------------- /docs/upgrading_to_v33.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to v33.0 2 | The v33.0 release of *kubernetes-engine* is a backwards incompatible release. 3 | 4 | ### Private Cluster Defaults 5 | All private-cluster modules now set `enable_private_nodes` to `true` by default. 6 | To opt out, set `enable_private_nodes` to `false`. Note that opting out gives nodes externally reachable addresses, which widens the cluster's exposure; only do so if you have a specific need for public node IPs. 
7 | 8 | ```diff 9 | module "cluster" { 10 | - version = "~> 32.0" 11 | + version = "~> 33.0" 12 | 13 | + enable_private_nodes = false 14 | } 15 | ``` 16 | 17 | ### Autopilot Cluster GCFS Default 18 | Autopilot cluster modules now set `enable_gcfs` to `true` by default to 19 | align with TPGv6. To maintain the previous provider default behavior, set 20 | `enable_gcfs` to `null`. 21 | 22 | ```diff 23 | module "cluster" { 24 | - version = "~> 32.0" 25 | + version = "~> 33.0" 26 | 27 | + enable_gcfs = null 28 | } 29 | ``` 30 | 31 | ### Advanced Datapath Observability Relay 32 | The `monitoring_observability_metrics_relay_mode` parameter has been 33 | replaced with `monitoring_enable_observability_relay`. 34 | 35 | ```diff 36 | module "cluster" { 37 | - version = "~> 32.0" 38 | + version = "~> 33.0" 39 | 40 | - monitoring_observability_metrics_relay_mode = "INTERNAL_VPC_LB" 41 | + monitoring_enable_observability_relay = true 42 | } 43 | ``` 44 | -------------------------------------------------------------------------------- /docs/upgrading_to_v37.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to v37.0 2 | The v37.0 release of *kubernetes-engine* is a backwards incompatible release. 3 | 4 | ### Google Cloud Platform Provider upgrade 5 | The Terraform Kubernetes Engine Module now requires version 6.38 or higher of the Google Cloud Platform Providers. 6 | 7 | ### Private Cluster DNS Allow External Traffic 8 | For private clusters, allowing external DNS traffic is now controlled solely by `dns_allow_external_traffic`. 9 | To enable it, set `dns_allow_external_traffic` to `true`. 
10 | 11 | ```diff 12 | module "cluster" { 13 | - version = "~> 36.0" 14 | + version = "~> 37.0" 15 | 16 | + dns_allow_external_traffic = true 17 | } 18 | ``` 19 | -------------------------------------------------------------------------------- /docs/upgrading_to_v6.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to v6.0 2 | 3 | The v6.0 release of *kubernetes-engine* is a backwards incompatible 4 | release. 5 | 6 | ## Dropped support 7 | Due to changes in GKE, the module has dropped support for setting the `kubernetes_dashboard` variable. 8 | 9 | Additionally, support for Google provider versions older than v2.18 has been removed. 10 | 11 | ## Migration Instructions 12 | 13 | ### Master Authorized Networks 14 | Previously, setting up master authorized networks required setting a nested config within `master_authorized_networks_config`. 15 | Now, to set up master authorized networks you can simply pass a list of authorized networks. 16 | 17 | ```diff 18 | module "kubernetes_engine_private_cluster" { 19 | source = "terraform-google-modules/kubernetes-engine/google" 20 | - version = "~> 5.0" 21 | + version = "~> 6.0" 22 | 23 | - master_authorized_networks_config = [ 24 | + master_authorized_networks = [ 25 | { 26 | - cidr_blocks = [ 27 | - { 28 | - cidr_block = data.google_compute_subnetwork.subnetwork.ip_cidr_range 29 | - display_name = "VPC" 30 | - }, 31 | - ] 32 | + cidr_block = data.google_compute_subnetwork.subnetwork.ip_cidr_range 33 | + display_name = "VPC" 34 | }, 35 | ] 36 | } 37 | ``` 38 | -------------------------------------------------------------------------------- /docs/upgrading_to_v8.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to v8.0 2 | 3 | The v8.0 release of *kubernetes-engine* is a backwards incompatible 4 | release. 5 | 6 | ## Workload Identity (beta) 7 | Beta clusters now have Workload Identity enabled by default. 
To disable Workload Identity, set `identity_namespace = null` 8 | 9 | ## Shielded Nodes (beta) 10 | Beta clusters now have shielded nodes enabled by default. To disable, set `enable_shielded_nodes = false` 11 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part1/terraform/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "cluster_location" { 18 | value = module.gke.location 19 | } 20 | 21 | output "cluster_name" { 22 | value = module.gke.name 23 | } 24 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part1/terraform/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_providers { 19 | google-beta = { 20 | source = "hashicorp/google-beta" 21 | } 22 | } 23 | } 24 | provider "google-beta" { 25 | project = var.project 26 | region = var.region 27 | zone = var.zone 28 | } 29 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part1/terraform/terraform.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | region = "us-central1" 18 | zone = "us-central1-c" 19 | sync_repo = "https://github.com/terraform-google-modules/terraform-google-kubernetes-engine.git" 20 | sync_branch = "master" 21 | policy_dir = "examples/acm-terraform-blog-part1/config-root" 22 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part2/config-root/audit-config.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: config.gatekeeper.sh/v1alpha1 16 | kind: Config 17 | metadata: 18 | name: config 19 | namespace: "gatekeeper-system" 20 | spec: 21 | match: 22 | - excludedNamespaces: [ 23 | "kube-system", 24 | "kube-public", 25 | "kube-node-lease", 26 | "config-management-system", 27 | "config-management-monitoring", 28 | "gatekeeper-system", 29 | "resource-group-system" 30 | ] 31 | processes: ["audit"] 32 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part2/config-root/cis-k8s-1.5.1/5.1.3_prohibit-role-wildcard-access.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | apiVersion: constraints.gatekeeper.sh/v1beta1 16 | kind: K8sProhibitRoleWildcardAccess 17 | metadata: # kpt-merge: /prohibit-role-wildcard-access 18 | name: prohibit-role-wildcard-access 19 | annotations: 20 | # This constraint is not certified by CIS. 21 | description: "Restricts use of wildcards in Roles and ClusterRoles." 22 | spec: 23 | enforcementAction: dryrun # kpt-set: ${enforcementAction} 24 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part2/config-root/cis-k8s-1.5.1/5.2.1_psp-privileged-container.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: constraints.gatekeeper.sh/v1beta1 16 | kind: K8sPSPPrivilegedContainer 17 | metadata: # kpt-merge: /psp-privileged-container 18 | name: psp-privileged-container 19 | annotations: 20 | # This constraint is not certified by CIS. 21 | description: "Restricts containers with `securityContext.privileged` set to `true`." 
22 | spec: 23 | enforcementAction: dryrun # kpt-set: ${enforcementAction} 24 | match: 25 | kinds: 26 | - apiGroups: 27 | - '' 28 | kinds: 29 | - Pod 30 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part2/config-root/cis-k8s-1.5.1/5.2.2-5.2.3_psp-host-namespace.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: constraints.gatekeeper.sh/v1beta1 16 | kind: K8sPSPHostNamespace 17 | metadata: # kpt-merge: /psp-host-namespace 18 | name: psp-host-namespace 19 | annotations: 20 | # This constraint is not certified by CIS. 21 | description: "Prohibits containers from running with `hostPID` or `hostIPC` set to `true`." 22 | spec: 23 | enforcementAction: dryrun # kpt-set: ${enforcementAction} 24 | match: 25 | kinds: 26 | - apiGroups: [""] 27 | kinds: ["Pod"] 28 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part2/config-root/cis-k8s-1.5.1/5.2.4_psp-host-network-ports.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: constraints.gatekeeper.sh/v1beta1 16 | kind: K8sPSPHostNetworkingPorts 17 | metadata: # kpt-merge: /psp-host-network-ports 18 | name: psp-host-network-ports 19 | annotations: 20 | # This constraint is not certified by CIS. 21 | description: "Restricts containers from running with the `hostNetwork` flag set to `true`." 22 | spec: 23 | enforcementAction: dryrun # kpt-set: ${enforcementAction} 24 | match: 25 | kinds: 26 | - apiGroups: [""] 27 | kinds: ["Pod"] 28 | parameters: 29 | hostNetwork: true 30 | #min: 80 31 | #max: 9000 32 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part2/config-root/cis-k8s-1.5.1/5.2.5_psp-allow-privilege-escalation-container.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | apiVersion: constraints.gatekeeper.sh/v1beta1 16 | kind: K8sPSPAllowPrivilegeEscalationContainer 17 | metadata: # kpt-merge: /psp-allow-privilege-escalation-container 18 | name: psp-allow-privilege-escalation-container 19 | annotations: 20 | # This constraint is not certified by CIS. 21 | description: "Restricts containers with `allowPrivilegeEscalation` set to `true`." 22 | spec: 23 | enforcementAction: dryrun # kpt-set: ${enforcementAction} 24 | match: 25 | kinds: 26 | - apiGroups: [""] 27 | kinds: ["Pod"] 28 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part2/config-root/cis-k8s-1.5.1/5.2.6_psp-restrict_root_containers.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: constraints.gatekeeper.sh/v1beta1 16 | kind: K8sPSPAllowedUsers 17 | metadata: # kpt-merge: /psp-pods-must-run-as-nonroot 18 | name: psp-pods-must-run-as-nonroot 19 | annotations: 20 | # This constraint is not certified by CIS. 21 | description: "Restricts containers from running as the root user." 
22 | spec: 23 | enforcementAction: dryrun # kpt-set: ${enforcementAction} 24 | match: 25 | kinds: 26 | - apiGroups: [""] 27 | kinds: ["Pod"] 28 | parameters: 29 | runAsUser: 30 | rule: MustRunAsNonRoot 31 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part2/config-root/cis-k8s-1.5.1/5.3.2_require-namespace-network-policies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: constraints.gatekeeper.sh/v1beta1 16 | kind: K8sRequireNamespaceNetworkPolicies 17 | metadata: # kpt-merge: /require-namespace-network-policies 18 | name: require-namespace-network-policies 19 | annotations: 20 | # This constraint is not certified by CIS. 21 | description: "Requires that every namespace defined in the cluster has a NetworkPolicy." 22 | spec: 23 | enforcementAction: dryrun # kpt-set: ${enforcementAction} 24 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part2/config-root/cis-k8s-1.5.1/5.4.1_no-secrets-as-env-vars.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: constraints.gatekeeper.sh/v1beta1 16 | kind: K8sNoEnvVarSecrets 17 | metadata: # kpt-merge: /no-secrets-as-env-vars 18 | name: no-secrets-as-env-vars 19 | annotations: 20 | # This constraint is not certified by CIS. 21 | description: "Prohibits secrets as environment variables in container definitions; instead, use mounted secret files in data volumes." 22 | spec: 23 | enforcementAction: dryrun # kpt-set: ${enforcementAction} 24 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part2/config-root/cis-k8s-1.5.1/5.7.2_seccomp-docker-default.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | apiVersion: constraints.gatekeeper.sh/v1beta1 16 | kind: K8sPSPSeccomp 17 | metadata: # kpt-merge: /psp-seccomp-docker-default 18 | name: psp-seccomp-docker-default 19 | annotations: 20 | # This constraint is not certified by CIS. 21 | description: "Requires that Pods have seccomp profile set to `docker/default`." 22 | spec: 23 | enforcementAction: dryrun # kpt-set: ${enforcementAction} 24 | match: 25 | kinds: 26 | - apiGroups: [""] 27 | kinds: ["Pod"] 28 | parameters: 29 | allowedProfiles: 30 | - docker/default 31 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part2/config-root/cis-k8s-1.5.1/5.7.3_pods-require-security-context.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: constraints.gatekeeper.sh/v1beta1 16 | kind: K8sPodsRequireSecurityContext 17 | metadata: # kpt-merge: /pods-require-security-context 18 | name: pods-require-security-context 19 | annotations: 20 | # This constraint is not certified by CIS. 21 | description: "Requires that Pods must have a `securityContext` defined." 
22 | spec: 23 | enforcementAction: dryrun # kpt-set: ${enforcementAction} 24 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part2/config-root/cis-k8s-1.5.1/5.7.4_restrict-default-namespace.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: constraints.gatekeeper.sh/v1beta1 16 | kind: K8sRestrictNamespaces 17 | metadata: # kpt-merge: /restrict-default-namespace 18 | name: restrict-default-namespace 19 | annotations: 20 | # This constraint is not certified by CIS. 21 | description: "Restricts resources from using the `default` namespace." 22 | spec: 23 | enforcementAction: dryrun # kpt-set: ${enforcementAction} 24 | parameters: 25 | restrictedNamespaces: 26 | - default 27 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part2/config-root/cis-k8s-1.5.1/README.md: -------------------------------------------------------------------------------- 1 | CIS Kubernetes Benchmark v.1.5.1 2 | ================================================== 3 | 4 | ## Description 5 | 6 | These constraints are intended to address the recommendations of the CIS Kubernetes Benchmark v.1.5.1. They have not been certified by CIS. 
7 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part2/terraform/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "cluster_location" { 18 | value = module.gke.location 19 | } 20 | 21 | output "cluster_name" { 22 | value = module.gke.name 23 | } 24 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part2/terraform/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_providers { 19 | google-beta = { 20 | source = "hashicorp/google-beta" 21 | } 22 | } 23 | } 24 | provider "google-beta" { 25 | project = var.project 26 | region = var.region 27 | zone = var.zone 28 | } 29 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part2/terraform/terraform.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | region = "us-central1" 18 | zone = "us-central1-c" 19 | sync_repo = "https://github.com/terraform-google-modules/terraform-google-kubernetes-engine.git" 20 | sync_branch = "master" 21 | policy_dir = "examples/acm-terraform-blog-part2/config-root" 22 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part3/config-root/Kptfile: -------------------------------------------------------------------------------- 1 | apiVersion: kpt.dev/v1 2 | kind: Kptfile 3 | metadata: 4 | name: WordPress powered by Google Cloud SQL 5 | info: 6 | description: create a WordPress in a container and connect it to a GCP-managed MySQL database 7 | pipeline: 8 | mutators: 9 | - image: gcr.io/kpt-fn/apply-setters:v0.1 10 | configMap: 11 | project-id: "" 12 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part3/config-root/audit-config.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
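apiVersion: config.gatekeeper.sh/v1alpha1
kind: Config
metadata:
  name: config
  namespace: "gatekeeper-system"
spec:
  match:
    # NOTE(review): `processes: ["audit"]` scopes this exclusion to the audit
    # controller only; the admission webhook still evaluates these namespaces.
    # Anything listed here also disappears from the audit/violation report, so
    # keep the list to system namespaces whose workloads are managed elsewhere.
    - excludedNamespaces: ["kube-system", "kube-public", "kube-node-lease", "config-management-system", "config-management-monitoring", "gatekeeper-system", "resource-group-system"]
      processes: ["audit"]
-------------------------------------------------------------------------------- /examples/acm-terraform-blog-part3/config-root/cis-k8s-1.5.1/5.1.3_prohibit-role-wildcard-access.yaml: --------------------------------------------------------------------------------
# Copyright 2018 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sProhibitRoleWildcardAccess
metadata: # kpt-merge: /prohibit-role-wildcard-access
  name: prohibit-role-wildcard-access
  annotations:
    # This constraint is not certified by CIS.
    description: "Restricts use of wildcards in Roles and ClusterRoles."
spec:
  # NOTE(review): `dryrun` only records violations in audit results; nothing is
  # rejected at admission. The value is injected by the apply-setters function in
  # the bundle Kptfile (`enforcementAction`); set it to `deny` to actually block.
  # The same applies to every constraint in this bundle.
  enforcementAction: dryrun # kpt-set: ${enforcementAction}
-------------------------------------------------------------------------------- /examples/acm-terraform-blog-part3/config-root/cis-k8s-1.5.1/5.2.1_psp-privileged-container.yaml: --------------------------------------------------------------------------------
# Copyright 2018 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sPSPPrivilegedContainer
metadata: # kpt-merge: /psp-privileged-container
  name: psp-privileged-container
  annotations:
    # This constraint is not certified by CIS.
    description: "Restricts containers with `securityContext.privileged` set to `true`."
spec:
  enforcementAction: dryrun # kpt-set: ${enforcementAction}
  match:
    kinds:
      - apiGroups:
          - ''
        kinds:
          - Pod
-------------------------------------------------------------------------------- /examples/acm-terraform-blog-part3/config-root/cis-k8s-1.5.1/5.2.2-5.2.3_psp-host-namespace.yaml: --------------------------------------------------------------------------------
# Copyright 2018 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sPSPHostNamespace
metadata: # kpt-merge: /psp-host-namespace
  name: psp-host-namespace
  annotations:
    # This constraint is not certified by CIS.
    description: "Prohibits containers from running with `hostPID` or `hostIPC` set to `true`."
spec:
  enforcementAction: dryrun # kpt-set: ${enforcementAction}
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
-------------------------------------------------------------------------------- /examples/acm-terraform-blog-part3/config-root/cis-k8s-1.5.1/5.2.4_psp-host-network-ports.yaml: --------------------------------------------------------------------------------
# Copyright 2018 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sPSPHostNetworkingPorts
metadata: # kpt-merge: /psp-host-network-ports
  name: psp-host-network-ports
  annotations:
    # This constraint is not certified by CIS.
    description: "Restricts containers from running with the `hostNetwork` flag set to `true`."
spec:
  enforcementAction: dryrun # kpt-set: ${enforcementAction}
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
  parameters:
    # `hostNetwork: true` here is the template's "allow" switch: host networking
    # is permitted, and only the (commented-out) host port range would be
    # restricted. To actually prohibit hostNetwork pods, as the description and
    # CIS 5.2.4 intend, set this to `false`.
    hostNetwork: true
    #min: 80
    #max: 9000
-------------------------------------------------------------------------------- /examples/acm-terraform-blog-part3/config-root/cis-k8s-1.5.1/5.2.5_psp-allow-privilege-escalation-container.yaml: --------------------------------------------------------------------------------
# Copyright 2018 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sPSPAllowPrivilegeEscalationContainer
metadata: # kpt-merge: /psp-allow-privilege-escalation-container
  name: psp-allow-privilege-escalation-container
  annotations:
    # This constraint is not certified by CIS.
    description: "Restricts containers with `allowPrivilegeEscalation` set to `true`."
spec:
  enforcementAction: dryrun # kpt-set: ${enforcementAction}
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
-------------------------------------------------------------------------------- /examples/acm-terraform-blog-part3/config-root/cis-k8s-1.5.1/5.2.6_psp-restrict_root_containers.yaml: --------------------------------------------------------------------------------
# Copyright 2018 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sPSPAllowedUsers
metadata: # kpt-merge: /psp-pods-must-run-as-nonroot
  name: psp-pods-must-run-as-nonroot
  annotations:
    # This constraint is not certified by CIS.
    description: "Restricts containers from running as the root user."
spec:
  enforcementAction: dryrun # kpt-set: ${enforcementAction}
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
  parameters:
    # Only runAsUser is constrained here; runAsGroup / supplementalGroups /
    # fsGroup are left unrestricted.
    runAsUser:
      rule: MustRunAsNonRoot
-------------------------------------------------------------------------------- /examples/acm-terraform-blog-part3/config-root/cis-k8s-1.5.1/5.2.7-5.2.8-5.2.9_psp-capabilities.yaml: --------------------------------------------------------------------------------
# Copyright 2018 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sPSPCapabilities
metadata: # kpt-merge: /psp-capabilities
  name: psp-capabilities
  annotations:
    # This constraint is not certified by CIS.
    description: "Requires containers to drop the `NET_RAW` capability; containers may not have allowedCapabilities set to anything other than an empty array."
spec:
  enforcementAction: dryrun # kpt-set: ${enforcementAction}
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
  parameters:
    # Empty list: no capability may be added via securityContext.capabilities.add.
    allowedCapabilities: []
    # Only NET_RAW is mandatory to drop; a stricter posture would list "ALL".
    requiredDropCapabilities: ["NET_RAW"]
-------------------------------------------------------------------------------- /examples/acm-terraform-blog-part3/config-root/cis-k8s-1.5.1/5.3.2_require-namespace-network-policies.yaml: --------------------------------------------------------------------------------
# Copyright 2018 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sRequireNamespaceNetworkPolicies
metadata: # kpt-merge: /require-namespace-network-policies
  name: require-namespace-network-policies
  annotations:
    # This constraint is not certified by CIS.
    description: "Requires that every namespace defined in the cluster has a NetworkPolicy."
spec:
  # NOTE(review): this only checks that *a* NetworkPolicy object exists per
  # namespace; it does not verify that the policy is restrictive, and it has no
  # effect unless network policy enforcement is enabled on the cluster.
  enforcementAction: dryrun # kpt-set: ${enforcementAction}
-------------------------------------------------------------------------------- /examples/acm-terraform-blog-part3/config-root/cis-k8s-1.5.1/5.4.1_no-secrets-as-env-vars.yaml: --------------------------------------------------------------------------------
# Copyright 2018 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sNoEnvVarSecrets
metadata: # kpt-merge: /no-secrets-as-env-vars
  name: no-secrets-as-env-vars
  annotations:
    # This constraint is not certified by CIS.
    description: "Prohibits secrets as environment variables in container definitions; instead, use mounted secret files in data volumes."
spec:
  enforcementAction: dryrun # kpt-set: ${enforcementAction}
-------------------------------------------------------------------------------- /examples/acm-terraform-blog-part3/config-root/cis-k8s-1.5.1/5.7.2_seccomp-docker-default.yaml: --------------------------------------------------------------------------------
# Copyright 2018 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sPSPSeccomp
metadata: # kpt-merge: /psp-seccomp-docker-default
  name: psp-seccomp-docker-default
  annotations:
    # This constraint is not certified by CIS.
    description: "Requires that Pods have seccomp profile set to `docker/default`."
spec:
  enforcementAction: dryrun # kpt-set: ${enforcementAction}
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
  parameters:
    # NOTE(review): `docker/default` is the legacy annotation spelling; current
    # Kubernetes expresses the same profile as `runtime/default`
    # (securityContext.seccompProfile.type: RuntimeDefault). Whether a pod using
    # the newer form passes this constraint depends on the template version in
    # the Policy Controller library — confirm, and add `runtime/default` to the
    # allowed list if it does not.
    allowedProfiles:
      - docker/default
-------------------------------------------------------------------------------- /examples/acm-terraform-blog-part3/config-root/cis-k8s-1.5.1/5.7.3_pods-require-security-context.yaml: --------------------------------------------------------------------------------
# Copyright 2018 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sPodsRequireSecurityContext
metadata: # kpt-merge: /pods-require-security-context
  name: pods-require-security-context
  annotations:
    # This constraint is not certified by CIS.
    description: "Requires that Pods must have a `securityContext` defined."
spec:
  enforcementAction: dryrun # kpt-set: ${enforcementAction}
-------------------------------------------------------------------------------- /examples/acm-terraform-blog-part3/config-root/cis-k8s-1.5.1/5.7.4_restrict-default-namespace.yaml: --------------------------------------------------------------------------------
# Copyright 2018 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sRestrictNamespaces
metadata: # kpt-merge: /restrict-default-namespace
  name: restrict-default-namespace
  annotations:
    # This constraint is not certified by CIS.
    description: "Restricts resources from using the `default` namespace."
spec:
  enforcementAction: dryrun # kpt-set: ${enforcementAction}
  parameters:
    restrictedNamespaces:
      - default
-------------------------------------------------------------------------------- /examples/acm-terraform-blog-part3/config-root/cis-k8s-1.5.1/Kptfile: --------------------------------------------------------------------------------
apiVersion: kpt.dev/v1
kind: Kptfile
metadata:
  name: cis-k8s-1.5.1
upstream:
  type: git
  git:
    repo: https://github.com/GoogleCloudPlatform/acm-policy-controller-library
    directory: /bundles/cis-k8s-1.5.1
    # `master` is a moving branch; `kpt pkg update` will pull whatever is at its
    # head. Review the diff (or point `ref` at a tag) before updating.
    ref: master
  updateStrategy: resource-merge
upstreamLock:
  type: git
  git:
    repo: https://github.com/GoogleCloudPlatform/acm-policy-controller-library
    directory: /bundles/cis-k8s-1.5.1
    ref: master
    # The commit actually vendored into this package; this, not `ref`, is what
    # pins the content currently checked in.
    commit: dd914200aa4768ad59ebb6ef56b5bf2062c06fb3
info:
  description: CIS Benchmark Kubernetes v1.5.1
pipeline:
  mutators:
    # `v0.1` is a mutable tag; pin by digest (`@sha256:...`) if this pipeline
    # runs anywhere other than an interactive demo.
    - image: gcr.io/kpt-fn/apply-setters:v0.1
      configMap:
        # Rendered into every `# kpt-set: ${enforcementAction}` line in this
        # bundle. `dryrun` = audit-only; change to `deny` to enforce at admission.
        enforcementAction: dryrun
-------------------------------------------------------------------------------- /examples/acm-terraform-blog-part3/config-root/cis-k8s-1.5.1/README.md: --------------------------------------------------------------------------------
CIS Kubernetes Benchmark v.1.5.1
==================================================

## Description

These constraints are intended to address the recommendations of the CIS Kubernetes Benchmark v.1.5.1. They have not been certified by CIS.

As checked in, every constraint is rendered with `enforcementAction: dryrun` (see the `apply-setters` configMap in the `Kptfile`), so violations are only reported in audit results and nothing is rejected at admission. Set the setter to `deny` to enforce.
-------------------------------------------------------------------------------- /examples/acm-terraform-blog-part3/config-root/configconnector.yaml: --------------------------------------------------------------------------------
# Copyright 2018 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.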
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: core.cnrm.cloud.google.com/v1beta1
kind: ConfigConnector
metadata:
  # the name is restricted to ensure that there is only one
  # ConfigConnector instance installed in your cluster
  name: configconnector.core.cnrm.cloud.google.com
spec:
  # The `to-be-specified` project is a placeholder that the kpt setter
  # `projectId` must replace before this is applied; the controller cannot
  # impersonate a GSA in a project that does not exist. Everything Config
  # Connector creates in GCP is done with this one identity, so scope its IAM
  # roles tightly.
  googleServiceAccount: "cnrmsa@to-be-specified.iam.gserviceaccount.com" # kpt-set: cnrmsa@${projectId}.iam.gserviceaccount.com
  # NOTE(review): `cluster` mode uses the single GSA above for every namespace.
  # If different teams/namespaces manage different GCP projects, `namespaced`
  # mode with a ConfigConnectorContext (and GSA) per namespace gives a
  # least-privilege split — confirm it fits the surrounding example.
  mode: cluster
-------------------------------------------------------------------------------- /examples/acm-terraform-blog-part3/terraform/outputs.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
15 | */ 16 | 17 | output "cluster_location" { 18 | value = module.gke.location 19 | } 20 | 21 | output "cluster_name" { 22 | value = module.gke.name 23 | } 24 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part3/terraform/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_providers { 19 | google-beta = { 20 | source = "hashicorp/google-beta" 21 | } 22 | } 23 | } 24 | provider "google-beta" { 25 | project = var.project 26 | region = var.region 27 | zone = var.zone 28 | } 29 | -------------------------------------------------------------------------------- /examples/acm-terraform-blog-part3/terraform/terraform.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | region = "us-central1" 18 | zone = "us-central1-c" 19 | sync_repo = "https://github.com/terraform-google-modules/terraform-google-kubernetes-engine.git" 20 | sync_branch = "master" 21 | policy_dir = "examples/acm-terraform-blog-part3/config-root" 22 | -------------------------------------------------------------------------------- /examples/autopilot_private_firewalls/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | variable "project_id" { 18 | description = "The project ID to host the cluster in" 19 | } 20 | 21 | variable "region" { 22 | description = "The region the cluster in" 23 | default = "us-central1" 24 | } 25 | -------------------------------------------------------------------------------- /examples/autopilot_private_firewalls/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_providers { 19 | google = { 20 | source = "hashicorp/google" 21 | } 22 | kubernetes = { 23 | source = "hashicorp/kubernetes" 24 | } 25 | } 26 | required_version = ">= 0.13" 27 | } 28 | -------------------------------------------------------------------------------- /examples/confidential_safer_cluster/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | type = string 19 | description = "The project ID to host the cluster in." 20 | } 21 | 22 | variable "region" { 23 | type = string 24 | description = "The region to host the cluster in." 25 | default = "us-central1" 26 | } 27 | -------------------------------------------------------------------------------- /examples/confidential_safer_cluster/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | } 23 | google-beta = { 24 | source = "hashicorp/google-beta" 25 | } 26 | kubernetes = { 27 | source = "hashicorp/kubernetes" 28 | } 29 | random = { 30 | source = "hashicorp/random" 31 | version = ">= 3.0" 32 | } 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /examples/deploy_service/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "kubernetes_endpoint" { 18 | sensitive = true 19 | value = module.gke.endpoint 20 | } 21 | 22 | output "client_token" { 23 | sensitive = true 24 | value = base64encode(data.google_client_config.default.access_token) 25 | } 26 | 27 | output "ca_certificate" { 28 | value = module.gke.ca_certificate 29 | } 30 | 31 | output "service_account" { 32 | description = "The default service account used for running nodes." 
33 | value = module.gke.service_account 34 | } 35 | 36 | -------------------------------------------------------------------------------- /examples/deploy_service/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_providers { 19 | google = { 20 | source = "hashicorp/google" 21 | } 22 | kubernetes = { 23 | source = "hashicorp/kubernetes" 24 | } 25 | } 26 | required_version = ">= 0.13" 27 | } 28 | -------------------------------------------------------------------------------- /examples/disable_client_cert/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | output "kubernetes_endpoint" { 18 | sensitive = true 19 | value = module.gke.endpoint 20 | } 21 | 22 | output "client_token" { 23 | sensitive = true 24 | value = base64encode(data.google_client_config.default.access_token) 25 | } 26 | 27 | output "ca_certificate" { 28 | value = module.gke.ca_certificate 29 | } 30 | 31 | output "service_account" { 32 | description = "The default service account used for running nodes." 33 | value = module.gke.service_account 34 | } 35 | 36 | -------------------------------------------------------------------------------- /examples/disable_client_cert/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_providers { 19 | google = { 20 | source = "hashicorp/google" 21 | } 22 | kubernetes = { 23 | source = "hashicorp/kubernetes" 24 | } 25 | } 26 | required_version = ">= 0.13" 27 | } 28 | -------------------------------------------------------------------------------- /examples/island_cluster_anywhere_in_gcp_design/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "cluster_ids" { 18 | value = [for c in module.gke : c.cluster_id] 19 | } 20 | -------------------------------------------------------------------------------- /examples/island_cluster_anywhere_in_gcp_design/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | 20 | required_providers { 21 | google = { 22 | source = "hashicorp/google" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /examples/island_cluster_with_vm_router/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | output "cluster_id" { 18 | value = module.gke.cluster_id 19 | } 20 | -------------------------------------------------------------------------------- /examples/island_cluster_with_vm_router/terraform.tfvars: -------------------------------------------------------------------------------- 1 | project_id = "" 2 | region = "us-central1" 3 | cluster_name = "gke-island-cluster-test" 4 | node_locations = [ 5 | "us-central1-a", 6 | "us-central1-b", 7 | "us-central1-f" 8 | ] 9 | subnet_cidr = "100.64.0.0/20" 10 | router_machine_type = "n2-highcpu-4" 11 | primary_subnet = "projects//regions//subnetworks/" 12 | secondary_ranges = { 13 | pods = "100.64.64.0/18" 14 | services = "100.64.128.0/20" 15 | master_cidr = "100.64.144.0/28" 16 | } 17 | proxy_subnet_cidr = "100.64.168.0/24" 18 | psc_subnet_cidr = "100.64.192.0/24" 19 | master_authorized_networks = [ 20 | { 21 | cidr_block = "100.64.0.0/10" 22 | display_name = "cluster net" 23 | } 24 | ] 25 | primary_net_cidrs = [ 26 | "10.0.0.0/8", 27 | "192.168.0.0/16", 28 | "172.16.0.0/12" 29 | ] 30 | -------------------------------------------------------------------------------- /examples/island_cluster_with_vm_router/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { /* NOTE(review): providers are declared by source only, with no version constraint; presumably the module this example calls carries the bounds — confirm, or pin here for reproducible installs. */ 18 | required_version = ">= 1.6" 19 | 20 | required_providers { 21 | google = { 22 | source = "hashicorp/google" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /examples/node_pool/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "kubernetes_endpoint" { /* Control-plane endpoint; redacted from plan/apply output. */ 18 | sensitive = true 19 | value = module.gke.endpoint 20 | } 21 | 22 | output "client_token" { /* The caller's Google OAuth access token, base64-encoded. sensitive = true only redacts it from CLI output; the value is still written to the state file, so the state backend must be access-controlled and encrypted. */ 23 | sensitive = true 24 | value = base64encode(data.google_client_config.default.access_token) 25 | } 26 | 27 | output "ca_certificate" { /* Cluster CA certificate, left unredacted: it is the public trust anchor clients use to verify the API server. */ 28 | value = module.gke.ca_certificate 29 | } 30 | 31 | output "service_account" { 32 | description = "The default service account used for running nodes." 33 | value = module.gke.service_account 34 | } 35 | 36 | -------------------------------------------------------------------------------- /examples/node_pool/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_providers { 19 | google = { 20 | source = "hashicorp/google" 21 | } 22 | google-beta = { 23 | source = "hashicorp/google-beta" 24 | } 25 | kubernetes = { 26 | source = "hashicorp/kubernetes" 27 | } 28 | } 29 | required_version = ">= 0.13" /* NOTE(review): other examples on this page require >= 1.3 or >= 1.6; the floors are inconsistent across examples, presumably historical — confirm which Terraform release CI actually runs. */ 30 | } 31 | -------------------------------------------------------------------------------- /examples/node_pool_update_variant/data/shutdown-script.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | # Copyright 2018 Google LLC 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 
17 | 
# Drains this node with the kubelet's own kubeconfig so workloads are evicted before the VM shuts down. NOTE(review): --delete-local-data was deprecated in kubectl 1.20 in favour of --delete-emptydir-data and may be absent in newer releases, so confirm the kubectl version the node image ships; --force=true also evicts pods no controller manages, and their state is lost. Presumably the node credential is permitted to evict pods on its own node — verify against the cluster's node authorization.
18 | kubectl --kubeconfig=/var/lib/kubelet/kubeconfig drain --force=true --ignore-daemonsets=true --delete-local-data "$HOSTNAME" 19 | -------------------------------------------------------------------------------- /examples/node_pool_update_variant/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "kubernetes_endpoint" { /* Control-plane endpoint; redacted from plan/apply output. */ 18 | sensitive = true 19 | value = module.gke.endpoint 20 | } 21 | 22 | output "client_token" { /* The caller's Google OAuth access token, base64-encoded. sensitive = true only redacts it from CLI output; it is still stored in state, so the state backend must be access-controlled and encrypted. */ 23 | sensitive = true 24 | value = base64encode(data.google_client_config.default.access_token) 25 | } 26 | 27 | output "ca_certificate" { /* Cluster CA certificate, left unredacted: it is the public trust anchor clients use to verify the API server. */ 28 | value = module.gke.ca_certificate 29 | } 30 | 31 | output "service_account" { 32 | description = "The service account to default running nodes as if not overridden in `node_pools`." 33 | value = module.gke.service_account 34 | } 35 | 36 | -------------------------------------------------------------------------------- /examples/node_pool_update_variant/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { /* NOTE(review): google and kubernetes are declared by source only, with no version constraint; presumably the called module carries the bounds — confirm, or pin here for reproducible installs. */ 18 | required_providers { 19 | google = { 20 | source = "hashicorp/google" 21 | } 22 | kubernetes = { 23 | source = "hashicorp/kubernetes" 24 | } 25 | } 26 | required_version = ">= 0.13" 27 | } 28 | -------------------------------------------------------------------------------- /examples/node_pool_update_variant_beta/data/shutdown-script.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | # Copyright 2018 Google LLC 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 
17 | 
# Drains this node with the kubelet's own kubeconfig before the VM shuts down. NOTE(review): --delete-local-data was deprecated in kubectl 1.20 in favour of --delete-emptydir-data and may be absent in newer releases — confirm the kubectl version on the node image; --force=true also evicts pods no controller manages, losing their state. Presumably the node credential is permitted to evict pods on its own node — verify.
18 | kubectl --kubeconfig=/var/lib/kubelet/kubeconfig drain --force=true --ignore-daemonsets=true --delete-local-data "$HOSTNAME" 19 | -------------------------------------------------------------------------------- /examples/node_pool_update_variant_beta/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "kubernetes_endpoint" { /* Control-plane endpoint; redacted from plan/apply output. */ 18 | sensitive = true 19 | value = module.gke.endpoint 20 | } 21 | 22 | output "client_token" { /* The caller's Google OAuth access token, base64-encoded. sensitive = true only redacts it from CLI output; it is still stored in state, so the state backend must be access-controlled and encrypted. */ 23 | sensitive = true 24 | value = base64encode(data.google_client_config.default.access_token) 25 | } 26 | 27 | output "ca_certificate" { /* Cluster CA certificate, left unredacted: it is the public trust anchor clients use to verify the API server. */ 28 | value = module.gke.ca_certificate 29 | } 30 | 31 | output "service_account" { 32 | description = "The service account to default running nodes as if not overridden in `node_pools`." 33 | value = module.gke.service_account 34 | } 35 | 36 | -------------------------------------------------------------------------------- /examples/node_pool_update_variant_beta/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { /* NOTE(review): providers are declared by source only, with no version constraint; presumably the called module carries the bounds — confirm, or pin here for reproducible installs. */ 18 | required_providers { 19 | google = { 20 | source = "hashicorp/google" 21 | } 22 | google-beta = { 23 | source = "hashicorp/google-beta" 24 | } 25 | kubernetes = { 26 | source = "hashicorp/kubernetes" 27 | } 28 | } 29 | required_version = ">= 0.13" 30 | } 31 | -------------------------------------------------------------------------------- /examples/node_pool_update_variant_public_beta/data/shutdown-script.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e
# NOTE(review): options in a shebang are honoured only when the script is executed directly; invoked as "bash shutdown-script.sh" the -e is silently dropped. The sibling variants use an explicit set -e, which works either way.
2 | 3 | # Copyright 2018 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 
16 | 
# Drains this node with the kubelet's own kubeconfig before the VM shuts down. NOTE(review): --delete-local-data was deprecated in kubectl 1.20 in favour of --delete-emptydir-data and may be absent in newer releases — confirm the kubectl version on the node image; --force=true also evicts pods no controller manages, losing their state. Presumably the node credential is permitted to evict pods on its own node — verify.
17 | kubectl --kubeconfig=/var/lib/kubelet/kubeconfig drain --force=true --ignore-daemonsets=true --delete-local-data "$HOSTNAME" 18 | -------------------------------------------------------------------------------- /examples/node_pool_update_variant_public_beta/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "kubernetes_endpoint" { /* Control-plane endpoint; redacted from plan/apply output. */ 18 | sensitive = true 19 | value = module.gke.endpoint 20 | } 21 | 22 | output "client_token" { /* The caller's Google OAuth access token, base64-encoded. sensitive = true only redacts it from CLI output; it is still stored in state, so the state backend must be access-controlled and encrypted. */ 23 | sensitive = true 24 | value = base64encode(data.google_client_config.default.access_token) 25 | } 26 | 27 | output "ca_certificate" { /* Cluster CA certificate, left unredacted: it is the public trust anchor clients use to verify the API server. */ 28 | value = module.gke.ca_certificate 29 | } 30 | 31 | output "service_account" { 32 | description = "The service account to default running nodes as if not overridden in `node_pools`." 33 | value = module.gke.service_account 34 | } 35 | 36 | -------------------------------------------------------------------------------- /examples/node_pool_update_variant_public_beta/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { /* NOTE(review): providers are declared by source only, with no version constraint; presumably the called module carries the bounds — confirm, or pin here for reproducible installs. */ 18 | required_providers { 19 | google = { 20 | source = "hashicorp/google" 21 | } 22 | google-beta = { 23 | source = "hashicorp/google-beta" 24 | } 25 | kubernetes = { 26 | source = "hashicorp/kubernetes" 27 | } 28 | } 29 | required_version = ">= 0.13" 30 | } 31 | -------------------------------------------------------------------------------- /examples/private_zonal_with_networking/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { /* NOTE(review): google and kubernetes are declared by source only, with no version constraint; presumably the called module carries the bounds — confirm, or pin here for reproducible installs. */ 18 | required_providers { 19 | google = { 20 | source = "hashicorp/google" 21 | } 22 | kubernetes = { 23 | source = "hashicorp/kubernetes" 24 | } 25 | } 26 | required_version = ">= 0.13" 27 | } 28 | -------------------------------------------------------------------------------- /examples/regional_private_node_pool_oauth_scopes/provider.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | data "google_client_config" "default" {} /* Identity running Terraform; its access token is reused by the kubernetes provider below. */ 18 | 19 | provider "kubernetes" { /* Authenticates to the cluster with the caller's short-lived Google access token and pins the cluster CA taken from the module, so the API server is verified rather than trusted on first use; no long-lived credential is kept in configuration. */ 20 | host = "https://${module.gke.endpoint}" 21 | token = data.google_client_config.default.access_token 22 | cluster_ca_certificate = base64decode(module.gke.ca_certificate) 23 | } 24 | -------------------------------------------------------------------------------- /examples/regional_private_node_pool_oauth_scopes/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { /* NOTE(review): declared without a type; the safer_cluster example uses type = string — adding it here gives consistent input validation across examples. */ 18 | description = "The project ID to host the cluster in" 19 | } 20 | -------------------------------------------------------------------------------- /examples/regional_private_node_pool_oauth_scopes/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { /* NOTE(review): providers are declared by source only, with no version constraint; presumably the called module carries the bounds — confirm, or pin here for reproducible installs. */ 18 | required_providers { 19 | google = { 20 | source = "hashicorp/google" 21 | } 22 | google-beta = { 23 | source = "hashicorp/google-beta" 24 | } 25 | kubernetes = { 26 | source = "hashicorp/kubernetes" 27 | } 28 | } 29 | required_version = ">= 0.13" 30 | } 31 | -------------------------------------------------------------------------------- /examples/safer_cluster/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { /* Typed inputs; several other example variables.tf files on this page omit type, so this is the form to converge on. */ 18 | type = string 19 | description = "The project ID to host the cluster in" 20 | } 21 | 22 | variable "region" { 23 | type = string 24 | description = "The region to host the cluster in" 25 | default = "us-central1" 26 | } 27 | -------------------------------------------------------------------------------- /examples/safer_cluster/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | } 23 | google-beta = { 24 | source = "hashicorp/google-beta" 25 | } 26 | kubernetes = { 27 | source = "hashicorp/kubernetes" 28 | } 29 | random = { /* NOTE(review): random is the only provider here with a version floor; google, google-beta and kubernetes are unbounded, so init resolves the newest release of each — presumably constrained by the called module, confirm. */ 30 | source = "hashicorp/random" 31 | version = ">= 3.0" 32 | } 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /examples/safer_cluster_iap_bastion/kms.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | module "kms" { /* Creates the keyring and key this example uses for CMEK; the module version is held to the 4.x series. */ 18 | source = "terraform-google-modules/kms/google" 19 | version = "~> 4.0" 20 | project_id = var.project_id 21 | location = var.region 22 | keyring = "gke-keyring" 23 | keys = ["gke-key"] 24 | prevent_destroy = false /* NOTE(review): destroy protection is switched off so the example can be torn down. For a key protecting real data leave it on: once destruction of a CMEK key completes, everything encrypted with it is unrecoverable. */ 25 | } 26 | -------------------------------------------------------------------------------- /examples/safer_cluster_iap_bastion/provider.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | data "google_client_config" "default" {} /* Identity running Terraform; its access token is reused by the kubernetes provider below. */ 18 | 19 | provider "kubernetes" { /* Authenticates to the cluster with the caller's short-lived Google access token and pins the cluster CA taken from the module, so the API server is verified rather than trusted on first use; no long-lived credential is kept in configuration. */ 20 | host = "https://${module.gke.endpoint}" 21 | token = data.google_client_config.default.access_token 22 | cluster_ca_certificate = base64decode(module.gke.ca_certificate) 23 | } 24 | -------------------------------------------------------------------------------- /examples/safer_cluster_iap_bastion/templates/startup-script.tftpl: -------------------------------------------------------------------------------- 1 | 
# Bastion startup: installs tinyproxy from the distribution repository. NOTE(review): this template does not configure tinyproxy, so its listen address and Allow list come from the package defaults or from configuration elsewhere in the example — confirm that only the intended IAP-tunnelled clients can use the proxy.
sudo apt-get update -y 2 | sudo apt-get install -y tinyproxy 3 | -------------------------------------------------------------------------------- /examples/safer_cluster_iap_bastion/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { /* NOTE(review): providers are declared by source only, with no version constraint; presumably the called module carries the bounds — confirm, or pin here for reproducible installs. */ 18 | required_providers { 19 | google = { 20 | source = "hashicorp/google" 21 | } 22 | google-beta = { 23 | source = "hashicorp/google-beta" 24 | } 25 | kubernetes = { 26 | source = "hashicorp/kubernetes" 27 | } 28 | } 29 | required_version = ">= 0.13" 30 | } 31 | -------------------------------------------------------------------------------- /examples/shared_vpc/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "kubernetes_endpoint" { /* Control-plane endpoint; redacted from plan/apply output. */ 18 | sensitive = true 19 | value = module.gke.endpoint 20 | } 21 | 22 | output "client_token" { /* The caller's Google OAuth access token, base64-encoded. sensitive = true only redacts it from CLI output; it is still stored in state, so the state backend must be access-controlled and encrypted. */ 23 | sensitive = true 24 | value = base64encode(data.google_client_config.default.access_token) 25 | } 26 | 27 | output "ca_certificate" { /* Cluster CA certificate, left unredacted: it is the public trust anchor clients use to verify the API server. */ 28 | value = module.gke.ca_certificate 29 | } 30 | 31 | output "service_account" { 32 | description = "The default service account used for running nodes." 
33 | value = module.gke.service_account 34 | } 35 | 36 | -------------------------------------------------------------------------------- /examples/shared_vpc/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_providers { 19 | google = { 20 | source = "hashicorp/google" 21 | } 22 | kubernetes = { 23 | source = "hashicorp/kubernetes" 24 | } 25 | } 26 | required_version = ">= 0.13" 27 | } 28 | -------------------------------------------------------------------------------- /examples/simple_autopilot_private/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | variable "project_id" { /* NOTE(review): declared without a type; the safer_cluster example uses type = string — adding it gives consistent input validation. */ 18 | description = "The project ID to host the cluster in" 19 | } 20 | 21 | variable "region" { /* NOTE(review): untyped, and the description reads oddly ("The region the cluster in"); the safer_cluster example's "The region to host the cluster in" with type = string is the wording to align to. */ 22 | description = "The region the cluster in" 23 | default = "us-central1" 24 | } 25 | -------------------------------------------------------------------------------- /examples/simple_autopilot_private/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { /* NOTE(review): google and kubernetes are declared by source only, with no version constraint; presumably the called module carries the bounds — confirm, or pin here for reproducible installs. */ 18 | required_providers { 19 | google = { 20 | source = "hashicorp/google" 21 | } 22 | kubernetes = { 23 | source = "hashicorp/kubernetes" 24 | } 25 | } 26 | required_version = ">= 0.13" 27 | } 28 | -------------------------------------------------------------------------------- /examples/simple_autopilot_private_cmek/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2025 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { /* NOTE(review): declared without a type; the safer_cluster example uses type = string — adding it gives consistent input validation. */ 18 | description = "The project ID to host the cluster in" 19 | } 20 | -------------------------------------------------------------------------------- /examples/simple_autopilot_private_cmek/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2025 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { /* NOTE(review): google and kubernetes are declared by source only, with no version constraint; presumably the called module carries the bounds — confirm, or pin here for reproducible installs. */ 18 | required_providers { 19 | google = { 20 | source = "hashicorp/google" 21 | } 22 | kubernetes = { 23 | source = "hashicorp/kubernetes" 24 | } 25 | } 26 | required_version = ">= 1.3" 27 | } 28 | -------------------------------------------------------------------------------- /examples/simple_autopilot_private_non_default_sa/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { /* NOTE(review): declared without a type; the safer_cluster example uses type = string — adding it gives consistent input validation. */ 18 | description = "The project ID to host the cluster in" 19 | } 20 | -------------------------------------------------------------------------------- /examples/simple_autopilot_private_non_default_sa/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { /* NOTE(review): google and kubernetes are declared by source only, with no version constraint; presumably the called module carries the bounds — confirm, or pin here for reproducible installs. */ 18 | required_providers { 19 | google = { 20 | source = "hashicorp/google" 21 | } 22 | kubernetes = { 23 | source = "hashicorp/kubernetes" 24 | } 25 | } 26 | required_version = ">= 0.13" 27 | } 28 | -------------------------------------------------------------------------------- /examples/simple_autopilot_public/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { /* NOTE(review): declared without a type; the safer_cluster example uses type = string — adding it gives consistent input validation. */ 18 | description = "The project ID to host the cluster in" 19 | } 20 | 21 | variable "region" { /* NOTE(review): untyped, and the description reads oddly ("The region the cluster in"); the safer_cluster example's "The region to host the cluster in" with type = string is the wording to align to. */ 22 | description = "The region the cluster in" 23 | default = "us-central1" 24 | } 25 | -------------------------------------------------------------------------------- /examples/simple_autopilot_public/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
* You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

terraform {
  # Minimum Terraform core version this example is validated against.
  required_version = ">= 0.13"

  # Only provider sources are declared here; no version constraint is set
  # at this level.
  required_providers {
    google = {
      source = "hashicorp/google"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
}
--------------------------------------------------------------------------------
/examples/simple_fleet_app_operator_permissions/README.md:
--------------------------------------------------------------------------------
# Simple App Operator Permissions Setup for a Fleet Scope

This example illustrates how to create a Fleet Scope for a [team](https://cloud.google.com/kubernetes-engine/fleet-management/docs/team-management) and set up permissions for an app operator in the team.


## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| fleet\_project\_id | The project to which the Fleet belongs. | `string` | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| fleet\_project\_id | The project to which the Fleet belongs. |
| wait | An output (Fleet Scope RBAC Role Binding IDs) to use when you want to depend on granting permissions finishing.
|



To provision this example, run the following from within this directory:
- `terraform init` to get the plugins
- `terraform plan` to see the infrastructure plan
- `terraform apply` to apply the infrastructure build
- `terraform destroy` to destroy the built infrastructure

--------------------------------------------------------------------------------
/examples/simple_fleet_app_operator_permissions/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Echoes the input variable so callers can chain on the same project.
output "fleet_project_id" {
  value       = var.fleet_project_id
  description = "The project to which the Fleet belongs."
}

# Passes through the permissions module's wait handle; reference this output
# from anything that must run only after the RBAC role bindings exist.
output "wait" {
  value       = module.permissions.wait
  description = "An output (Fleet Scope RBAC Role Binding IDs) to use when you want to depend on granting permissions finishing."
}

--------------------------------------------------------------------------------
/examples/simple_fleet_app_operator_permissions/variables.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Required input: the project that owns the Fleet. No default on purpose, so
# the example cannot silently target an unintended project.
variable "fleet_project_id" {
  type        = string
  description = "The project to which the Fleet belongs."
}

--------------------------------------------------------------------------------
/examples/simple_fleet_app_operator_permissions/versions.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

terraform {
  # Both providers carry a lower bound so that a fresh `terraform init`
  # cannot resolve to a release older than 4.81.0.
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">= 4.81.0"
    }
    google-beta = {
      source  = "hashicorp/google-beta"
      version = ">= 4.81.0"
    }
  }

  # Minimum Terraform core version this example is validated against.
  required_version = ">= 1.2.0"
}

--------------------------------------------------------------------------------
/examples/simple_regional/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# API server endpoint. Marked sensitive so it is redacted from plan/apply
# output; note that outputs are still written to state in plaintext.
output "kubernetes_endpoint" {
  value     = module.gke.endpoint
  sensitive = true
}

# Base64-encoded OAuth2 access token of the credentials the google provider
# runs with. Sensitive so the token never shows up in CLI output or logs.
output "client_token" {
  value     = base64encode(data.google_client_config.default.access_token)
  sensitive = true
}

# Cluster CA certificate, passed through from the gke module unchanged.
output "ca_certificate" {
  value = module.gke.ca_certificate
}

# Node service account, passed through from the gke module unchanged.
output "service_account" {
  description = "The default service account used for running nodes."
value = module.gke.service_account
}

--------------------------------------------------------------------------------
/examples/simple_regional/versions.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

terraform {
  # Minimum Terraform core version this example is validated against.
  required_version = ">= 0.13"

  # Only provider sources are declared here; no version constraint is set
  # at this level.
  required_providers {
    google = {
      source = "hashicorp/google"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
}
--------------------------------------------------------------------------------
/examples/simple_regional_beta/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

# API server endpoint. Marked sensitive so it is redacted from plan/apply
# output; note that outputs are still written to state in plaintext.
output "kubernetes_endpoint" {
  value     = module.gke.endpoint
  sensitive = true
}

# Base64-encoded OAuth2 access token of the credentials the google provider
# runs with. Sensitive so the token never shows up in CLI output or logs.
output "client_token" {
  value     = base64encode(data.google_client_config.default.access_token)
  sensitive = true
}

# Cluster CA certificate, passed through from the gke module unchanged.
output "ca_certificate" {
  value = module.gke.ca_certificate
}

# Node service account, passed through from the gke module unchanged.
output "service_account" {
  value       = module.gke.service_account
  description = "The default service account used for running nodes."
}
--------------------------------------------------------------------------------
/examples/simple_regional_beta/versions.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

terraform {
  # Only provider sources are declared here; no version constraint is set
  # at this level.
  required_providers {
    google = {
      source = "hashicorp/google"
    }
    google-beta = {
      source = "hashicorp/google-beta"
    }
  }

  # Minimum Terraform core version this example is validated against.
  required_version = ">= 0.13"
}
--------------------------------------------------------------------------------
/examples/simple_regional_cluster_autoscaling/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018-2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# API server endpoint. Marked sensitive so it is redacted from plan/apply
# output; note that outputs are still written to state in plaintext.
output "kubernetes_endpoint" {
  value     = module.gke.endpoint
  sensitive = true
}

# Base64-encoded OAuth2 access token of the credentials the google provider
# runs with. Sensitive so the token never shows up in CLI output or logs.
output "client_token" {
  value     = base64encode(data.google_client_config.default.access_token)
  sensitive = true
}

# Cluster CA certificate from the gke module; this example also redacts it
# from CLI output.
output "ca_certificate" {
  value     = module.gke.ca_certificate
  sensitive = true
}

# Node service account, passed through from the gke module unchanged.
output "service_account" {
  value       = module.gke.service_account
  description = "The default service account used for running nodes."
}

--------------------------------------------------------------------------------
/examples/simple_regional_cluster_autoscaling/versions.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2021-2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

terraform {
  # Minimum Terraform core version this example is validated against.
  required_version = ">= 0.13"

  # Only provider sources are declared here; no version constraint is set
  # at this level.
  required_providers {
    google = {
      source = "hashicorp/google"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
}
--------------------------------------------------------------------------------
/examples/simple_regional_private/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# API server endpoint. Marked sensitive so it is redacted from plan/apply
# output; note that outputs are still written to state in plaintext.
output "kubernetes_endpoint" {
  value     = module.gke.endpoint
  sensitive = true
}

# Base64-encoded OAuth2 access token of the credentials the google provider
# runs with. Sensitive so the token never shows up in CLI output or logs.
output "client_token" {
  value     = base64encode(data.google_client_config.default.access_token)
  sensitive = true
}

# Cluster CA certificate, passed through from the gke module unchanged.
output "ca_certificate" {
  value = module.gke.ca_certificate
}

# Node service account, passed through from the gke module unchanged.
output "service_account" {
  value       = module.gke.service_account
  description = "The default service account used for running nodes."
}

--------------------------------------------------------------------------------
/examples/simple_regional_private/versions.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

terraform {
  # Minimum Terraform core version this example is validated against.
  required_version = ">= 0.13"

  # Only provider sources are declared here; no version constraint is set
  # at this level.
  required_providers {
    google = {
      source = "hashicorp/google"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
}
--------------------------------------------------------------------------------
/examples/simple_regional_private_beta/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# API server endpoint. Marked sensitive so it is redacted from plan/apply
# output; note that outputs are still written to state in plaintext.
output "kubernetes_endpoint" {
  value     = module.gke.endpoint
  sensitive = true
}

# Base64-encoded OAuth2 access token of the credentials the google provider
# runs with. Sensitive so the token never shows up in CLI output or logs.
output "client_token" {
  value     = base64encode(data.google_client_config.default.access_token)
  sensitive = true
}

# Cluster CA certificate, passed through from the gke module unchanged.
output "ca_certificate" {
  value = module.gke.ca_certificate
}

# Node service account, passed through from the gke module unchanged.
output "service_account" {
  description = "The default service account used for running nodes."
value = module.gke.service_account
}

--------------------------------------------------------------------------------
/examples/simple_regional_private_beta/versions.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

terraform {
  # Only provider sources are declared here; no version constraint is set
  # at this level.
  required_providers {
    google = {
      source = "hashicorp/google"
    }
    google-beta = {
      source = "hashicorp/google-beta"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }

  # Minimum Terraform core version this example is validated against.
  required_version = ">= 0.13"
}
--------------------------------------------------------------------------------
/examples/simple_regional_private_with_cluster_version/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
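* See the License for the specific language governing permissions and
 * limitations under the License.
 */

# API server endpoint. Every other example in this repository marks this
# output sensitive; this one did not, so the endpoint was printed in plain
# plan/apply output. Aligned here. Outputs are still written to state in
# plaintext regardless of the sensitive flag.
output "kubernetes_endpoint" {
  sensitive = true
  value     = module.gke.endpoint
}

# Base64-encoded OAuth2 access token of the credentials the google provider
# runs with. Sensitive so the token never shows up in CLI output or logs.
output "client_token" {
  sensitive = true
  value     = base64encode(data.google_client_config.default.access_token)
}

# Cluster CA certificate, passed through from the gke module unchanged.
output "ca_certificate" {
  value = module.gke.ca_certificate
}

# Node service account, passed through from the gke module unchanged.
output "service_account" {
  description = "The default service account used for running nodes."
  value       = module.gke.service_account
}

--------------------------------------------------------------------------------
/examples/simple_regional_private_with_cluster_version/versions.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.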
*/

terraform {
  # Minimum Terraform core version this example is validated against.
  required_version = ">= 0.13"

  # Only provider sources are declared here; no version constraint is set
  # at this level.
  required_providers {
    google = {
      source = "hashicorp/google"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
}
--------------------------------------------------------------------------------
/examples/simple_regional_with_gateway_api/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# API server endpoint. Marked sensitive so it is redacted from plan/apply
# output; note that outputs are still written to state in plaintext.
output "kubernetes_endpoint" {
  value     = module.gke.endpoint
  sensitive = true
}

# Base64-encoded OAuth2 access token of the credentials the google provider
# runs with. Sensitive so the token never shows up in CLI output or logs.
output "client_token" {
  value     = base64encode(data.google_client_config.default.access_token)
  sensitive = true
}

# Cluster CA certificate, passed through from the gke module unchanged.
output "ca_certificate" {
  value = module.gke.ca_certificate
}

# Node service account, passed through from the gke module unchanged.
output "service_account" {
  value       = module.gke.service_account
  description = "The default service account used for running nodes."
}

--------------------------------------------------------------------------------
/examples/simple_regional_with_gateway_api/versions.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

terraform {
  # Minimum Terraform core version this example is validated against.
  required_version = ">= 0.13"

  # Only provider sources are declared here; no version constraint is set
  # at this level.
  required_providers {
    google = {
      source = "hashicorp/google"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
}
--------------------------------------------------------------------------------
/examples/simple_regional_with_ipv6/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# API server endpoint. Marked sensitive so it is redacted from plan/apply
# output; note that outputs are still written to state in plaintext.
output "kubernetes_endpoint" {
  value     = module.gke.endpoint
  sensitive = true
}

# Base64-encoded OAuth2 access token of the credentials the google provider
# runs with. Sensitive so the token never shows up in CLI output or logs.
output "client_token" {
  value     = base64encode(data.google_client_config.default.access_token)
  sensitive = true
}

# Cluster CA certificate, passed through from the gke module unchanged.
output "ca_certificate" {
  value = module.gke.ca_certificate
}

# Node service account, passed through from the gke module unchanged.
output "service_account" {
  description = "The default service account used for running nodes."
value = module.gke.service_account
}

--------------------------------------------------------------------------------
/examples/simple_regional_with_ipv6/versions.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

terraform {
  # Minimum Terraform core version this example is validated against.
  required_version = ">= 0.13"

  # Only provider sources are declared here; no version constraint is set
  # at this level.
  required_providers {
    google = {
      source = "hashicorp/google"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
}
--------------------------------------------------------------------------------
/examples/simple_regional_with_kubeconfig/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2020 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
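*/

# API server host as resolved by the gke_auth module; redacted from CLI
# output. Outputs are still written to state in plaintext regardless of
# the sensitive flag.
output "kubernetes_endpoint" {
  sensitive = true
  value     = module.gke_auth.host
}

# Bearer token produced by the gke_auth module; sensitive so it never shows
# up in plan/apply output or CI logs.
output "client_token" {
  sensitive = true
  value     = module.gke_auth.token
}

# Cluster CA certificate, passed through from the gke_auth module unchanged.
output "ca_certificate" {
  value = module.gke_auth.cluster_ca_certificate
}

# Rendered kubeconfig. It comes from the same gke_auth module as
# client_token and, as a complete kubeconfig, carries the client credential
# inside it, so it must be redacted the same way the token is; previously it
# was printed in the clear on every apply.
output "kubeconfig_raw" {
  sensitive = true
  value     = module.gke_auth.kubeconfig_raw
}

# Node service account, passed through from the gke module unchanged.
output "service_account" {
  description = "The default service account used for running nodes."
  value       = module.gke.service_account
}

--------------------------------------------------------------------------------
/examples/simple_regional_with_kubeconfig/versions.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.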
*/

terraform {
  # Minimum Terraform core version this example is validated against.
  required_version = ">= 0.13"

  # Only provider sources are declared here; no version constraint is set
  # at this level.
  required_providers {
    google = {
      source = "hashicorp/google"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
}
--------------------------------------------------------------------------------
/examples/simple_regional_with_networking/versions.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

terraform {
  # Minimum Terraform core version this example is validated against.
  required_version = ">= 0.13"

  # Only provider sources are declared here; no version constraint is set
  # at this level.
  required_providers {
    google = {
      source = "hashicorp/google"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
}
--------------------------------------------------------------------------------
/examples/simple_windows_node_pool/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# API server endpoint. Marked sensitive so it is redacted from plan/apply
# output; note that outputs are still written to state in plaintext.
output "kubernetes_endpoint" {
  value     = module.gke.endpoint
  sensitive = true
}

# Base64-encoded OAuth2 access token of the credentials the google provider
# runs with. Sensitive so the token never shows up in CLI output or logs.
output "client_token" {
  value     = base64encode(data.google_client_config.default.access_token)
  sensitive = true
}

# Cluster CA certificate from the gke module; this example also redacts it
# from CLI output.
output "ca_certificate" {
  sensitive = true
  value     = module.gke.ca_certificate
}

# Node service account, passed through from the gke module unchanged.
output "service_account" {
  value       = module.gke.service_account
  description = "The default service account used for running nodes."
}
--------------------------------------------------------------------------------
/examples/simple_windows_node_pool/variables.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
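*/

# Only `zone` carried a type constraint; the other three inputs are now
# typed the same way so a non-string value fails at plan time instead of
# being coerced. Defaults and descriptions are unchanged.

# Project that hosts the cluster. Required input, no default.
variable "project_id" {
  type        = string
  description = "The project ID to host the cluster in"
}

# Optional suffix appended to the default cluster name; empty by default.
variable "cluster_name_suffix" {
  type        = string
  description = "A suffix to append to the default cluster name"
  default     = ""
}

# Region for the cluster.
variable "region" {
  type        = string
  description = "The region to host the cluster in"
  default     = "us-central1"
}

# Zone for the cluster; defaults to a zone inside the default region.
variable "zone" {
  type        = string
  description = "The zone to host the cluster in"
  default     = "us-central1-a"
}
--------------------------------------------------------------------------------
/examples/simple_windows_node_pool/versions.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.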
*/

terraform {
  # Only provider sources are declared here; no version constraint is set
  # at this level.
  required_providers {
    google = {
      source = "hashicorp/google"
    }
    google-beta = {
      source = "hashicorp/google-beta"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }

  # Minimum Terraform core version this example is validated against.
  required_version = ">= 0.13"
}
--------------------------------------------------------------------------------
/examples/simple_zonal_private/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# API server endpoint. Marked sensitive so it is redacted from plan/apply
# output; note that outputs are still written to state in plaintext.
output "kubernetes_endpoint" {
  value     = module.gke.endpoint
  sensitive = true
}

# Base64-encoded OAuth2 access token of the credentials the google provider
# runs with. Sensitive so the token never shows up in CLI output or logs.
output "client_token" {
  value     = base64encode(data.google_client_config.default.access_token)
  sensitive = true
}

# Cluster CA certificate, passed through from the gke module unchanged.
output "ca_certificate" {
  value = module.gke.ca_certificate
}

# Node service account, passed through from the gke module unchanged.
output "service_account" {
  description = "The default service account used for running nodes."
33 | value = module.gke.service_account 34 | } 35 | 36 | -------------------------------------------------------------------------------- /examples/simple_zonal_private/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_providers { 19 | google = { 20 | source = "hashicorp/google" 21 | } 22 | kubernetes = { 23 | source = "hashicorp/kubernetes" 24 | } 25 | } 26 | required_version = ">= 0.13" 27 | } 28 | -------------------------------------------------------------------------------- /examples/simple_zonal_with_hub/hub.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | module "hub" { 18 | source = "terraform-google-modules/kubernetes-engine/google//modules/fleet-membership" 19 | version = "~> 36.0" 20 | 21 | project_id = var.project_id 22 | location = module.gke.location 23 | cluster_name = module.gke.name 24 | 25 | depends_on = [module.gke] 26 | } 27 | -------------------------------------------------------------------------------- /examples/simple_zonal_with_hub/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | variable "project_id" { 18 | description = "The project ID to host the cluster in" 19 | } 20 | 21 | variable "cluster_name_suffix" { 22 | description = "A suffix to append to the default cluster name" 23 | default = "" 24 | } 25 | 26 | variable "region" { 27 | description = "The region to host the cluster in" 28 | default = "us-central1" 29 | } 30 | 31 | variable "zone" { 32 | type = string 33 | description = "The zone to host the cluster in" 34 | default = "us-central1-a" 35 | } 36 | -------------------------------------------------------------------------------- /examples/simple_zonal_with_hub/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_providers { 19 | google = { 20 | source = "hashicorp/google" 21 | } 22 | kubernetes = { 23 | source = "hashicorp/kubernetes" 24 | } 25 | } 26 | required_version = ">= 0.13" 27 | } 28 | -------------------------------------------------------------------------------- /examples/simple_zonal_with_hub_kubeconfig/hub.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | module "hub" { 18 | source = "terraform-google-modules/kubernetes-engine/google//modules/hub-legacy" 19 | version = "~> 36.0" 20 | 21 | project_id = var.project_id 22 | location = "remote" 23 | cluster_name = kind_cluster.test-cluster.name 24 | cluster_endpoint = kind_cluster.test-cluster.endpoint 25 | gke_hub_membership_name = kind_cluster.test-cluster.name 26 | gke_hub_sa_name = "sa-for-kind-cluster-membership" 27 | use_kubeconfig = true 28 | labels = "testlabel=usekubecontext" 29 | } 30 | -------------------------------------------------------------------------------- /examples/simple_zonal_with_hub_kubeconfig/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | provider "kind" {} 18 | 19 | # creating a cluster with kind of the name "test-cluster" with kubernetes version v1.18.4 and two nodes 20 | resource "kind_cluster" "test-cluster" { 21 | name = "test-cluster" 22 | node_image = "kindest/node:v1.18.4" 23 | wait_for_ready = true 24 | kind_config { 25 | kind = "Cluster" 26 | api_version = "kind.x-k8s.io/v1alpha4" 27 | node { 28 | role = "control-plane" 29 | } 30 | node { 31 | role = "worker" 32 | } 33 | } 34 | provisioner "local-exec" { 35 | command = "kubectl config set-context kind-test-cluster" 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /examples/simple_zonal_with_hub_kubeconfig/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | output "kubernetes_endpoint" { 18 | value = kind_cluster.test-cluster.endpoint 19 | description = "Kube API endpoint for the kind cluster" 20 | } 21 | -------------------------------------------------------------------------------- /examples/simple_zonal_with_hub_kubeconfig/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The project ID to host the cluster in" 19 | } 20 | -------------------------------------------------------------------------------- /examples/simple_zonal_with_hub_kubeconfig/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
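*/

terraform {
  required_providers {
    google = {
      source = "hashicorp/google"
    }
    # The only non-HashiCorp provider in these examples; pinned to an exact version
    # so a new release of a third-party provider cannot change what `init` pulls.
    kind = {
      source  = "kyma-incubator/kind"
      version = "0.0.11"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
  required_version = ">= 0.13"
}
--------------------------------------------------------------------------------
/examples/stub_domains/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

output "kubernetes_endpoint" {
  description = "Cluster control-plane endpoint"
  sensitive   = true
  value       = module.gke.endpoint
}

# OAuth2 access token of the identity running Terraform, base64-encoded.
# base64 is an encoding, not protection: `sensitive` only redacts plan/apply
# output, and the token is still written unencrypted into Terraform state,
# so the state backend must be access-controlled and encrypted at rest.
output "client_token" {
  description = "Base64-encoded OAuth2 access token of the identity running Terraform"
  sensitive   = true
  value       = base64encode(data.google_client_config.default.access_token)
}

# Marked sensitive for parity with the other outputs and with the
# workload_metadata_config example, so it stays out of CLI/CI logs; if the
# module output it wraps is itself sensitive, Terraform requires this flag.
output "ca_certificate" {
  description = "Cluster CA certificate"
  sensitive   = true
  value       = module.gke.ca_certificate
}

output "service_account" {
  description = "The default service account used for running nodes."
  value       = module.gke.service_account
}
--------------------------------------------------------------------------------
/examples/stub_domains/versions.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

terraform {
  # Provider versions are left unconstrained in this example (presumably relying on
  # the GKE module's own constraints); `terraform init` records the exact versions and
  # hashes it resolves in .terraform.lock.hcl — commit that file for reproducible runs.
  required_providers {
    google = {
      source = "hashicorp/google"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
  required_version = ">= 0.13"
}
--------------------------------------------------------------------------------
/examples/stub_domains_private/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.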
15 | */ 16 | 17 | output "kubernetes_endpoint" { 18 | sensitive = true 19 | value = module.gke.endpoint 20 | } 21 | 22 | output "client_token" { 23 | sensitive = true 24 | value = base64encode(data.google_client_config.default.access_token) 25 | } 26 | 27 | output "ca_certificate" { 28 | value = module.gke.ca_certificate 29 | } 30 | 31 | output "service_account" { 32 | description = "The default service account used for running nodes." 33 | value = module.gke.service_account 34 | } 35 | 36 | -------------------------------------------------------------------------------- /examples/stub_domains_private/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_providers { 19 | google = { 20 | source = "hashicorp/google" 21 | } 22 | kubernetes = { 23 | source = "hashicorp/kubernetes" 24 | } 25 | } 26 | required_version = ">= 0.13" 27 | } 28 | -------------------------------------------------------------------------------- /examples/stub_domains_upstream_nameservers/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "kubernetes_endpoint" { 18 | sensitive = true 19 | value = module.gke.endpoint 20 | } 21 | 22 | output "client_token" { 23 | sensitive = true 24 | value = base64encode(data.google_client_config.default.access_token) 25 | } 26 | 27 | output "ca_certificate" { 28 | value = module.gke.ca_certificate 29 | } 30 | 31 | output "service_account" { 32 | description = "The default service account used for running nodes." 33 | value = module.gke.service_account 34 | } 35 | 36 | -------------------------------------------------------------------------------- /examples/stub_domains_upstream_nameservers/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | } 23 | kubernetes = { 24 | source = "hashicorp/kubernetes" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /examples/upstream_nameservers/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "kubernetes_endpoint" { 18 | sensitive = true 19 | value = module.gke.endpoint 20 | } 21 | 22 | output "client_token" { 23 | sensitive = true 24 | value = base64encode(data.google_client_config.default.access_token) 25 | } 26 | 27 | output "ca_certificate" { 28 | value = module.gke.ca_certificate 29 | } 30 | 31 | output "service_account" { 32 | description = "The default service account used for running nodes." 33 | value = module.gke.service_account 34 | } 35 | 36 | -------------------------------------------------------------------------------- /examples/upstream_nameservers/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | } 23 | kubernetes = { 24 | source = "hashicorp/kubernetes" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /examples/workload_identity/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_providers { 19 | google = { 20 | source = "hashicorp/google" 21 | } 22 | kubernetes = { 23 | source = "hashicorp/kubernetes" 24 | } 25 | } 26 | required_version = ">= 0.13" 27 | } 28 | -------------------------------------------------------------------------------- /examples/workload_metadata_config/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "kubernetes_endpoint" { 18 | sensitive = true 19 | value = module.gke.endpoint 20 | } 21 | 22 | output "client_token" { 23 | sensitive = true 24 | value = base64encode(data.google_client_config.default.access_token) 25 | } 26 | 27 | output "ca_certificate" { 28 | sensitive = true 29 | value = module.gke.ca_certificate 30 | } 31 | 32 | output "service_account" { 33 | description = "The default service account used for running nodes." 34 | value = module.gke.service_account 35 | } 36 | 37 | -------------------------------------------------------------------------------- /examples/workload_metadata_config/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | } 23 | google-beta = { 24 | source = "hashicorp/google-beta" 25 | } 26 | kubernetes = { 27 | source = "hashicorp/kubernetes" 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /modules/auth/templates/kubeconfig-template.yaml.tpl: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | clusters: 3 | - cluster: 4 | certificate-authority-data: ${cluster_ca_certificate} 5 | server: https://${endpoint} 6 | name: ${context} 7 | contexts: 8 | - context: 9 | cluster: ${context} 10 | user: ${context} 11 | name: ${context} 12 | current-context: ${context} 13 | kind: Config 14 | preferences: {} 15 | users: 16 | - name: ${context} 17 | user: 18 | token: ${token} 19 | -------------------------------------------------------------------------------- /modules/auth/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The GCP project of the GKE cluster." 19 | type = string 20 | } 21 | 22 | variable "location" { 23 | description = "The location (region or zone) of the GKE cluster." 24 | type = string 25 | } 26 | 27 | variable "cluster_name" { 28 | description = "The name of the GKE cluster." 29 | type = string 30 | } 31 | 32 | variable "use_private_endpoint" { 33 | description = "Connect on the private GKE cluster endpoint" 34 | type = bool 35 | default = false 36 | } 37 | -------------------------------------------------------------------------------- /modules/auth/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | /** 3 | * Copyright 2021 Google LLC 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); 6 | * you may not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 
16 | */ 17 | 18 | terraform { 19 | required_version = ">= 1.3" 20 | required_providers { 21 | google = { 22 | source = "hashicorp/google" 23 | # Avoid v4.49 and v4.50 for https://github.com/hashicorp/terraform-provider-google/issues/13507 24 | version = ">= 4.47.0, != 4.49.0, != 4.50.0, < 7" 25 | } 26 | } 27 | 28 | provider_meta "google" { 29 | module_name = "blueprints/terraform/terraform-google-kubernetes-engine:auth/v36.3.0" 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /modules/beta-autopilot-private-cluster/dns.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | // This file was automatically generated from a template in ./autogen/main 18 | 19 | -------------------------------------------------------------------------------- /modules/beta-autopilot-private-cluster/networks.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | // This file was automatically generated from a template in ./autogen/main 18 | 19 | data "google_compute_subnetwork" "gke_subnetwork" { 20 | provider = google 21 | 22 | count = var.add_cluster_firewall_rules ? 1 : 0 23 | name = var.subnetwork 24 | region = local.region 25 | project = local.network_project_id 26 | } 27 | 28 | data "google_compute_subnetwork" "private_endpoint_subnetwork" { 29 | provider = google 30 | 31 | count = var.private_endpoint_subnetwork != null ? 1 : 0 32 | name = var.private_endpoint_subnetwork 33 | region = local.region 34 | project = local.network_project_id 35 | } 36 | -------------------------------------------------------------------------------- /modules/beta-autopilot-private-cluster/variables_defaults.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | // This file was automatically generated from a template in ./autogen/main 18 | 19 | # Setup dynamic default values for variables which can't be setup using 20 | # the standard terraform "variable default" functionality 21 | 22 | -------------------------------------------------------------------------------- /modules/beta-autopilot-public-cluster/dns.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | // This file was automatically generated from a template in ./autogen/main 18 | 19 | -------------------------------------------------------------------------------- /modules/beta-autopilot-public-cluster/networks.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
* See the License for the specific language governing permissions and
 * limitations under the License.
 */

// This file was automatically generated from a template in ./autogen/main

# Subnetwork named by var.subnetwork, read from the network project. The
# count guard means the lookup is skipped (no API read, no permission needed)
# unless the caller has opted into module-managed firewall rules.
data "google_compute_subnetwork" "gke_subnetwork" {
  count    = var.add_cluster_firewall_rules ? 1 : 0
  provider = google

  project = local.network_project_id
  region  = local.region
  name    = var.subnetwork
}

-------------------------------------------------------------------------------- /modules/beta-autopilot-public-cluster/variables_defaults.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// This file was automatically generated from a template in ./autogen/main

# Dynamic defaults for variables whose defaults cannot be expressed with the
# standard Terraform "variable default" mechanism.

-------------------------------------------------------------------------------- /modules/beta-private-cluster-update-variant/networks.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// This file was automatically generated from a template in ./autogen/main

# Subnetwork named by var.subnetwork. Only read (count = 1) when the module
# manages cluster firewall rules; otherwise no lookup is performed.
data "google_compute_subnetwork" "gke_subnetwork" {
  count    = var.add_cluster_firewall_rules ? 1 : 0
  provider = google

  project = local.network_project_id
  region  = local.region
  name    = var.subnetwork
}

# Subnetwork named by var.private_endpoint_subnetwork. Only read when the
# caller supplies a non-null value.
data "google_compute_subnetwork" "private_endpoint_subnetwork" {
  count    = var.private_endpoint_subnetwork != null ? 1 : 0
  provider = google

  project = local.network_project_id
  region  = local.region
  name    = var.private_endpoint_subnetwork
}
-------------------------------------------------------------------------------- /modules/beta-private-cluster/networks.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

// This file was automatically generated from a template in ./autogen/main

# Subnetwork named by var.subnetwork, looked up in the network project only
# when add_cluster_firewall_rules is true (count = 0 otherwise).
data "google_compute_subnetwork" "gke_subnetwork" {
  count    = var.add_cluster_firewall_rules ? 1 : 0
  provider = google

  project = local.network_project_id
  region  = local.region
  name    = var.subnetwork
}

# Subnetwork named by var.private_endpoint_subnetwork; skipped when null.
data "google_compute_subnetwork" "private_endpoint_subnetwork" {
  count    = var.private_endpoint_subnetwork != null ? 1 : 0
  provider = google

  project = local.network_project_id
  region  = local.region
  name    = var.private_endpoint_subnetwork
}
-------------------------------------------------------------------------------- /modules/beta-public-cluster-update-variant/networks.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// This file was automatically generated from a template in ./autogen/main

# Subnetwork named by var.subnetwork; read only when the module manages
# cluster firewall rules.
data "google_compute_subnetwork" "gke_subnetwork" {
  count    = var.add_cluster_firewall_rules ? 1 : 0
  provider = google

  project = local.network_project_id
  region  = local.region
  name    = var.subnetwork
}

-------------------------------------------------------------------------------- /modules/beta-public-cluster/networks.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// This file was automatically generated from a template in ./autogen/main

# Subnetwork named by var.subnetwork; read only when the module manages
# cluster firewall rules.
data "google_compute_subnetwork" "gke_subnetwork" {
  count    = var.add_cluster_firewall_rules ? 1 : 0
  provider = google

  project = local.network_project_id
  region  = local.region
  name    = var.subnetwork
}

-------------------------------------------------------------------------------- /modules/binary-authorization/outputs.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Name of the KMS crypto key this module creates for the attestor. Only the
# resource name is exposed, never key material.
output "key" {
  description = "Name of the Key created for the attestor"
  value       = google_kms_crypto_key.crypto-key.name
}

# Name of the Binary Authorization attestor this module creates.
output "attestor" {
  description = "Name of the built attestor"
  value       = google_binary_authorization_attestor.attestor.name
}
-------------------------------------------------------------------------------- /modules/binary-authorization/versions.tf: --------------------------------------------------------------------------------

/**
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

# Core and provider version pins for the binary-authorization module.
# Only an upper bound (< 7) is declared for the google providers here; no
# minimum version is stated, unlike several sibling modules in this repo.
terraform {
  required_version = ">= 1.3"

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "< 7"
    }
    google-beta = {
      source  = "hashicorp/google-beta"
      version = "< 7"
    }
  }

  # Module attribution string handed to the provider; not a functional setting.
  provider_meta "google" {
    module_name = "blueprints/terraform/terraform-google-kubernetes-engine:binary-authorization/v36.3.0"
  }
}
-------------------------------------------------------------------------------- /modules/fleet-app-operator-permissions/outputs.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Echoes the fleet project id the caller passed in.
output "fleet_project_id" {
  description = "The project to which the Fleet belongs."
  value       = var.fleet_project_id
}

# Map of role-binding key -> scope RBAC role binding id, covering both the
# user and the group bindings, so callers can depend on all of them at once.
output "wait" {
  description = "An output to use when you want to depend on Scope RBAC Role Binding creation finishing."
  value = {
    for key, binding in merge(
      google_gke_hub_scope_rbac_role_binding.scope_rbac_user_role_bindings,
      google_gke_hub_scope_rbac_role_binding.scope_rbac_group_role_bindings
    ) : key => binding.scope_rbac_role_binding_id
  }
}

-------------------------------------------------------------------------------- /modules/fleet-app-operator-permissions/versions.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

# Version pins for the fleet-app-operator-permissions module. Note that the
# google providers carry only a lower bound (>= 4.81.0) here and no "< 7"
# cap, so a provider major upgrade is not held back by this file.
terraform {
  required_version = ">= 1.3.0"

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">= 4.81.0"
    }
    google-beta = {
      source  = "hashicorp/google-beta"
      version = ">= 4.81.0"
    }
    random = {
      source  = "hashicorp/random"
      version = ">= 2.0.0"
    }
  }

  # Module attribution string handed to the provider; not a functional setting.
  provider_meta "google" {
    module_name = "blueprints/terraform/terraform-google-kubernetes-engine:fleet-app-operator-permissions/v36.3.0"
  }
}

-------------------------------------------------------------------------------- /modules/fleet-membership/membership.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2018-2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Fleet (GKE Hub) membership for the cluster. Created only when the caller
# sets enable_fleet_registration; otherwise count is 0 and nothing is made.
resource "google_gke_hub_membership" "primary" {
  count    = var.enable_fleet_registration ? 1 : 0
  provider = google-beta

  project       = local.hub_project_id
  membership_id = local.gke_hub_membership_name
  location      = var.membership_location

  # Both the endpoint link and the authority issuer are built from the same
  # cluster id, so the membership cannot reference one cluster's endpoint
  # while asserting another cluster's issuer.
  endpoint {
    gke_cluster {
      resource_link = "//container.googleapis.com/${data.google_container_cluster.primary.id}"
    }
  }

  authority {
    issuer = "https://container.googleapis.com/v1/${data.google_container_cluster.primary.id}"
  }
}
-------------------------------------------------------------------------------- /modules/fleet-membership/versions.tf: --------------------------------------------------------------------------------

/**
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

# Version pins for the fleet-membership module: google providers are bounded
# on both sides (>= 5.6.0, < 7), so a major provider upgrade cannot be pulled
# in without a change to this file.
terraform {
  required_version = ">= 1.3"

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">= 5.6.0, < 7"
    }
    google-beta = {
      source  = "hashicorp/google-beta"
      version = ">= 5.6.0, < 7"
    }
  }

  # Module attribution string handed to the provider; the "hub" label is
  # what this module reports, not its directory name.
  provider_meta "google" {
    module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v36.3.0"
  }
}
-------------------------------------------------------------------------------- /modules/hub-legacy/outputs.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Passes through the inner registration module's wait output so callers can
# sequence resources after registration completes.
output "wait" {
  description = "An output to use when you want to depend on registration finishing"
  value       = module.gke_hub_registration.wait
}
-------------------------------------------------------------------------------- /modules/hub-legacy/versions.tf: --------------------------------------------------------------------------------

/**
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Version pins for the hub-legacy module. Only an upper bound (< 7) is set
# for the google providers; no minimum version is declared here.
terraform {
  required_version = ">= 1.3"

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "< 7"
    }
    google-beta = {
      source  = "hashicorp/google-beta"
      version = "< 7"
    }
  }

  # Module attribution string handed to the provider; reports "hub", the same
  # label the fleet-membership module uses.
  provider_meta "google" {
    module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v36.3.0"
  }
}
-------------------------------------------------------------------------------- /modules/private-cluster-update-variant/networks.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// This file was automatically generated from a template in ./autogen/main

# Subnetwork named by var.subnetwork; read from the network project only
# when add_cluster_firewall_rules is true.
data "google_compute_subnetwork" "gke_subnetwork" {
  count    = var.add_cluster_firewall_rules ? 1 : 0
  provider = google

  project = local.network_project_id
  region  = local.region
  name    = var.subnetwork
}

# Subnetwork named by var.private_endpoint_subnetwork; skipped when null.
data "google_compute_subnetwork" "private_endpoint_subnetwork" {
  count    = var.private_endpoint_subnetwork != null ? 1 : 0
  provider = google

  project = local.network_project_id
  region  = local.region
  name    = var.private_endpoint_subnetwork
}
-------------------------------------------------------------------------------- /modules/private-cluster-update-variant/versions.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2022-2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

# Version pins for the private-cluster-update-variant module. The google
# provider is bounded on both sides; kubernetes is held to the 2.10 minor
# series via "~>", and random only has a floor.
terraform {
  required_version = ">=1.3"

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">= 6.38.0, < 7"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "~> 2.10"
    }
    random = {
      source  = "hashicorp/random"
      version = ">= 2.1"
    }
  }

  # Module attribution string handed to the provider; not a functional setting.
  provider_meta "google" {
    module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster-update-variant/v36.3.0"
  }
}
-------------------------------------------------------------------------------- /modules/private-cluster/networks.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// This file was automatically generated from a template in ./autogen/main

# Subnetwork named by var.subnetwork; read from the network project only
# when add_cluster_firewall_rules is true.
data "google_compute_subnetwork" "gke_subnetwork" {
  count    = var.add_cluster_firewall_rules ? 1 : 0
  provider = google

  project = local.network_project_id
  region  = local.region
  name    = var.subnetwork
}

# Subnetwork named by var.private_endpoint_subnetwork; skipped when null.
data "google_compute_subnetwork" "private_endpoint_subnetwork" {
  count    = var.private_endpoint_subnetwork != null ? 1 : 0
  provider = google

  project = local.network_project_id
  region  = local.region
  name    = var.private_endpoint_subnetwork
}
-------------------------------------------------------------------------------- /modules/private-cluster/versions.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2022-2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Version pins for the private-cluster module; identical constraints to the
# update-variant module, differing only in the attribution string.
terraform {
  required_version = ">=1.3"

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">= 6.38.0, < 7"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "~> 2.10"
    }
    random = {
      source  = "hashicorp/random"
      version = ">= 2.1"
    }
  }

  # Module attribution string handed to the provider; not a functional setting.
  provider_meta "google" {
    module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster/v36.3.0"
  }
}
-------------------------------------------------------------------------------- /modules/safer-cluster-update-variant/versions.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// This file was automatically generated from a template in ./autogen/safer-cluster

# Core version floor for the safer-cluster-update-variant wrapper. No
# required_providers block is declared here; provider constraints are
# presumably inherited from the modules it wraps — confirm in main.tf.
terraform {
  required_version = ">=1.3"

  # Module attribution string handed to the google-beta provider.
  provider_meta "google-beta" {
    module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster-update-variant/v36.3.0"
  }
}
-------------------------------------------------------------------------------- /modules/safer-cluster/versions.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

// This file was automatically generated from a template in ./autogen/safer-cluster

# Core version floor for the safer-cluster wrapper. No required_providers
# block is declared here; provider constraints are presumably inherited from
# the wrapped module — confirm in main.tf.
terraform {
  required_version = ">=1.3"

  # Module attribution string handed to the google-beta provider.
  provider_meta "google-beta" {
    module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster/v36.3.0"
  }
}
-------------------------------------------------------------------------------- /modules/services/main.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

# Enables the project APIs a GKE deployment needs, via the project-factory
# project_services module. Exactly three APIs are activated; whether they
# are torn down again on destroy is left to the caller's two disable_* flags.
module "services" {
  source  = "terraform-google-modules/project-factory/google//modules/project_services"
  version = "~> 18.0"

  project_id = var.project_id

  activate_apis = [
    "compute.googleapis.com",
    "iam.googleapis.com",
    "container.googleapis.com"
  ]

  enable_apis                 = var.enable_apis
  disable_services_on_destroy = var.disable_services_on_destroy
  disable_dependent_services  = var.disable_dependent_services
}
-------------------------------------------------------------------------------- /modules/services/outputs.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Project id as reported back by the project_services module, so downstream
# resources can depend on API enablement having completed.
output "project_id" {
  description = "The GCP project you enabled APIs on"
  value       = module.services.project_id
}
-------------------------------------------------------------------------------- /modules/services/versions.tf: --------------------------------------------------------------------------------

/**
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Core version floor for the services module. No required_providers block
# is declared here; provider constraints come from the wrapped
# project_services module, presumably — confirm there.
terraform {
  required_version = ">= 1.3"

  # Module attribution string handed to the provider; not a functional setting.
  provider_meta "google" {
    module_name = "blueprints/terraform/terraform-google-kubernetes-engine:services/v36.3.0"
  }
}
-------------------------------------------------------------------------------- /modules/workload-identity/versions.tf: --------------------------------------------------------------------------------

/**
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

# Version pins for the workload-identity module: google is bounded on both
# sides (>= 5.12.0, < 7) and kubernetes is held to the 2.13 minor series.
terraform {
  required_version = ">= 1.3"

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">= 5.12.0, < 7"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "~> 2.13"
    }
  }

  # Module attribution string handed to the provider; not a functional setting.
  provider_meta "google" {
    module_name = "blueprints/terraform/terraform-google-kubernetes-engine:workload-identity/v36.3.0"
  }
}
-------------------------------------------------------------------------------- /networks.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// This file was automatically generated from a template in ./autogen/main

# Subnetwork named by var.subnetwork, read from the network project only
# when the root module is asked to manage cluster firewall rules.
data "google_compute_subnetwork" "gke_subnetwork" {
  count    = var.add_cluster_firewall_rules ? 1 : 0
  provider = google

  project = local.network_project_id
  region  = local.region
  name    = var.subnetwork
}

-------------------------------------------------------------------------------- /test/.gitignore: --------------------------------------------------------------------------------
source.sh
-------------------------------------------------------------------------------- /test/fixtures/autopilot_private_firewalls/example.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Integration-test fixture: instantiates the autopilot_private_firewalls
# example in the first of the test projects.
module "example" {
  source = "../../../examples/autopilot_private_firewalls"

  region     = var.region
  project_id = var.project_ids[0]
}
-------------------------------------------------------------------------------- /test/fixtures/autopilot_private_firewalls/variables.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
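* You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

variable "project_ids" {
  type        = list(string)
  description = "The GCP projects to use for integration tests"
}

variable "region" {
  # Explicit type so a mistyped value is rejected at plan time rather than
  # being coerced inside the example module.
  type        = string
  description = "The GCP region to create and test resources in"
  default     = "us-central1"
}

--------------------------------------------------------------------------------
/test/fixtures/confidential_safer_cluster/example.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.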
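*/

# Integration-test wrapper for the confidential_safer_cluster example.
module "example" {
  source = "../../../examples/confidential_safer_cluster"

  # NOTE(review): this fixture uses index 1 while most siblings use index 0,
  # presumably to isolate it in its own project; keep in sync with test/setup.
  project_id = var.project_ids[1]
  region     = var.region
}

--------------------------------------------------------------------------------
/test/fixtures/confidential_safer_cluster/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Every output carries a description so `terraform output` and generated docs
# are self-explanatory. None of these values are secrets; the KMS key name is
# a resource identifier, not key material.
output "project_id" {
  description = "Project ID reported by the example module."
  value       = module.example.project_id
}

output "cluster_name" {
  description = "Cluster name."
  value       = module.example.cluster_name
}

output "location" {
  description = "Location of the example cluster, as reported by the example module."
  value       = module.example.location
}

output "service_account" {
  description = "The service account to default running nodes as if not overridden in `node_pools`."
  value       = module.example.service_account
}

output "kms_key_name" {
  description = "KMS Key Name."
  value       = module.example.kms_key_name
}

--------------------------------------------------------------------------------
/test/fixtures/confidential_safer_cluster/variables.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

variable "project_ids" {
  type        = list(string)
  description = "The GCP projects to use for integration tests."
}

variable "region" {
  # Explicit type so a mistyped value is rejected at plan time.
  type        = string
  description = "The GCP region to create and test resources in."
  default     = "us-central1"
}

--------------------------------------------------------------------------------
/test/fixtures/private_zonal_with_networking/example.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.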
* See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Integration-test wrapper: runs the private zonal example in the first test
# project, spread over the configured zones.
module "example" {
  source = "../../../examples/private_zonal_with_networking"

  project_id = var.project_ids[0]
  region     = var.region
  zones      = var.zones
}

--------------------------------------------------------------------------------
/test/fixtures/private_zonal_with_networking/variables.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2019 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
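*/

variable "project_ids" {
  type = list(string)
  # Description corrected: this is the list of test projects, not a single
  # project ID; the fixture hosts the cluster in element 0.
  description = "The GCP projects to use for integration tests; the cluster is hosted in the first one"
}

variable "region" {
  # Explicit type so a mistyped value is rejected at plan time.
  type        = string
  description = "The region to host the cluster in"
  default     = "us-east4"
}

variable "zones" {
  type        = list(string)
  description = "The GCP zones to create and test resources in, for applicable tests"
  default     = ["us-east4-a", "us-east4-b", "us-east4-c"]
}

--------------------------------------------------------------------------------
/test/fixtures/safer_cluster/example.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Integration-test wrapper for the safer_cluster example.
module "example" {
  source = "../../../examples/safer_cluster"

  project_id = var.project_ids[0]
  region     = var.region
}

--------------------------------------------------------------------------------
/test/fixtures/safer_cluster_iap_bastion/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.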
* You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */


# The connectivity command is assembled in local.test_command (declared
# elsewhere in this fixture, not shown here). It is marked sensitive so
# Terraform redacts it from plan/apply output and `terraform output`; note
# that sensitive outputs are still written in plaintext to the state file,
# so the state backend itself must be access-controlled.
output "test_command" {
  description = "Test command to check connectivity."
  value       = local.test_command
  sensitive   = true
}

# Control-plane version read back from the live cluster via the
# data.google_container_cluster.safer data source (declared elsewhere in
# this fixture), presumably so tests can assert on the running version.
output "cluster_version" {
  description = "Cluster version for tests."
  value       = data.google_container_cluster.safer.master_version
}

--------------------------------------------------------------------------------
/test/fixtures/safer_cluster_iap_bastion/variables.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
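*/

variable "project_ids" {
  type        = list(string)
  description = "The GCP projects to use for integration tests"
}

variable "int_sa" {
  type = string
  # Description expanded: the original "The email address of SA" did not say
  # which service account. How the fixture uses it is not visible here.
  description = "Email address of the integration-test service account"
}

--------------------------------------------------------------------------------
/test/fixtures/simple_autopilot_private/example.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Integration-test wrapper for the simple_autopilot_private example.
module "example" {
  source = "../../../examples/simple_autopilot_private"

  project_id = var.project_ids[0]
  region     = var.region
}

--------------------------------------------------------------------------------
/test/fixtures/simple_autopilot_private/variables.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.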
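* You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

variable "project_ids" {
  type        = list(string)
  description = "The GCP projects to use for integration tests"
}

variable "region" {
  # Explicit type so a mistyped value is rejected at plan time.
  type        = string
  description = "The GCP region to create and test resources in"
  default     = "us-central1"
}

--------------------------------------------------------------------------------
/test/fixtures/simple_autopilot_public/example.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.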
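*/

# Integration-test wrapper for the simple_autopilot_public example.
module "example" {
  source = "../../../examples/simple_autopilot_public"

  project_id = var.project_ids[0]
  region     = var.region
}

--------------------------------------------------------------------------------
/test/fixtures/simple_autopilot_public/variables.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

variable "project_ids" {
  type        = list(string)
  description = "The GCP projects to use for integration tests"
}

variable "region" {
  # Explicit type so a mistyped value is rejected at plan time.
  type        = string
  description = "The GCP region to create and test resources in"
  default     = "us-central1"
}

--------------------------------------------------------------------------------
/test/fixtures/simple_fleet_app_operator_permissions/main.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.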
* You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

locals {
  # Element 3 of the test projects is the fleet host project
  # (gke-project-fleet); the caller must therefore supply at least four IDs.
  project_id = var.project_ids[3] # gke-project-fleet
}

# Integration-test wrapper: grants the example's app-operator permissions in
# the fleet project.
module "example" {
  source = "../../../examples/simple_fleet_app_operator_permissions"

  fleet_project_id = local.project_id
}

--------------------------------------------------------------------------------
/test/fixtures/simple_fleet_app_operator_permissions/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
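*/

# Exposes the fleet project chosen in main.tf so the test harness can
# inspect the permissions the example granted there.
output "project_id" {
  description = "Fleet project ID the example was applied to."
  value       = local.project_id
}

--------------------------------------------------------------------------------
/test/fixtures/simple_fleet_app_operator_permissions/variables.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

variable "project_ids" {
  type        = list(string)
  description = "The GCP projects to use for integration tests"
}

--------------------------------------------------------------------------------
/test/fixtures/simple_regional_with_networking/example.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.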
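*/

# Integration-test wrapper for the simple_regional_with_networking example,
# hosted in the second test project.
module "example" {
  source = "../../../examples/simple_regional_with_networking"

  project_id = var.project_ids[1]
  region     = var.region
}

--------------------------------------------------------------------------------
/test/fixtures/simple_regional_with_networking/variables.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2019 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

variable "project_ids" {
  type        = list(string)
  description = "The GCP projects to use for integration tests"
}

variable "region" {
  # Explicit type so a mistyped value is rejected at plan time.
  type        = string
  description = "The region to host the cluster in"
  default     = "us-east4"
}

--------------------------------------------------------------------------------
/test/fixtures/simple_windows_node_pool/main.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.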
* You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Integration-test wrapper for the simple_windows_node_pool example. The
# module is addressed as module.this (unlike the sibling fixtures' "example");
# renaming it would move state, so the name is kept.
module "this" {
  source     = "../../../examples/simple_windows_node_pool"
  project_id = var.project_ids[0]
}

--------------------------------------------------------------------------------
/test/fixtures/simple_windows_node_pool/variables.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

variable "project_ids" {
  type        = list(string)
  description = "The GCP projects to use for integration tests"
}

--------------------------------------------------------------------------------
/test/fixtures/workload_identity/example.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Integration-test wrapper for the workload_identity example. The network,
# subnetwork and random suffix it references are declared elsewhere in this
# fixture (google_compute_network.main, google_compute_subnetwork.main,
# random_string.suffix), not in this file.
module "example" {
  source = "../../../examples/workload_identity"

  project_id = var.project_ids[0]
  region     = var.region

  # Random suffix on the cluster name, presumably so parallel or repeated test
  # runs do not collide on the same cluster name.
  cluster_name_suffix = "-${random_string.suffix.result}"

  # Pod and service ranges are chosen by position in the subnetwork's
  # secondary_ip_range list, so that list must keep pods first, services second.
  network           = google_compute_network.main.name
  subnetwork        = google_compute_subnetwork.main.name
  ip_range_pods     = google_compute_subnetwork.main.secondary_ip_range[0].range_name
  ip_range_services = google_compute_subnetwork.main.secondary_ip_range[1].range_name
}

--------------------------------------------------------------------------------
/test/integration/discover_test.go:
--------------------------------------------------------------------------------
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
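
package test

import (
	"testing"

	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft"
)

// TestAll delegates discovery and execution of the integration fixtures to the
// blueprint-test harness; no fixture is named explicitly here.
func TestAll(t *testing.T) {
	tft.AutoDiscoverAndTest(t)
}

--------------------------------------------------------------------------------
/test/setup/.gitignore:
--------------------------------------------------------------------------------
# Local-only inputs for the test setup. terraform.tfvars holds the org, folder
# and billing identifiers declared in variables.tf; source.sh is presumably a
# local environment script. Neither should be committed.
terraform.tfvars
source.sh

--------------------------------------------------------------------------------
/test/setup/variables.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2019 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# All three inputs are declared as strings: a bare number passed for org_id is
# converted to a string by Terraform, while a list or object is rejected at
# plan time instead of failing inside a resource.
variable "org_id" {
  type        = string
  description = "The numeric organization id"
}

variable "folder_id" {
  type        = string
  description = "The folder to deploy in"
}

variable "billing_account" {
  type        = string
  description = "The billing account id associated with the project, e.g. XXXXXX-YYYYYY-ZZZZZZ"
}

--------------------------------------------------------------------------------
/test/setup/versions.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2019 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.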
* You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

terraform {
  required_version = ">= 0.13"

  required_providers {
    # NOTE(review): none of these providers carry a version constraint, so
    # unless a .terraform.lock.hcl is committed alongside, each `terraform init`
    # of the test setup resolves the newest release, including future majors.
    # Consider bounding them the way the root module's versions.tf does so the
    # test infrastructure is reproducible.
    google = {
      source = "hashicorp/google"
    }
    google-beta = {
      source = "hashicorp/google-beta"
    }
    random = {
      source = "hashicorp/random"
    }
  }
}

--------------------------------------------------------------------------------
/versions.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2022-2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/


terraform {
  required_version = ">=1.3"

  required_providers {
    # Lower bound is the oldest release this module is known to work with;
    # the "< 7" upper bound keeps a future major release (and its potential
    # breaking schema changes) from being picked up without a deliberate bump.
    google = {
      source  = "hashicorp/google"
      version = ">= 6.38.0, < 7"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "~> 2.10"
    }
    random = {
      source  = "hashicorp/random"
      version = ">= 2.1"
    }
  }

  # module_name is read by the google provider to attribute API calls to this
  # blueprint and version.
  provider_meta "google" {
    module_name = "blueprints/terraform/terraform-google-kubernetes-engine/v36.3.0"
  }
}