A lightweight GKE cluster module.
```hcl
module "cluster" {
  source                         = "JamesWoolfenden/cluster/gcp"
  ip_allocation_policy           = var.ip_allocation_policy
  location                       = var.location
  master_authorized_network_cidr = module.ip.cidr
  name                           = var.name
  network                        = var.network
  network_project                = var.network_project
  node_pool                      = var.node_pool
  private_cluster_config         = var.private_cluster_config
  region                         = var.region
  subnetwork                     = var.subnetwork
  network_policy_config_disabled = var.network_policy_config_disabled
}
```
Connecting:

```shell
gcloud components install gke-gcloud-auth-plugin
gcloud container clusters get-credentials $CLUSTER_NAME --zone $ZONE --project $PROJECT_ID
```

e.g.

```shell
gcloud container clusters get-credentials cluster-1 --zone us-central1-a --project pike-gcp
```

[drop from GP or add GP as control plane access]

```shell
$ kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud config get-value core/account)
```

Install Istio:

```shell
$ brew install istioctl
$ istioctl install
```
Monthly cost estimate

```
Project: JamesWoolfenden/terraform-gcp-cluster/example/examplea

 Name                                                        Monthly Qty  Unit   Monthly Cost

 module.cluster.google_container_cluster.cluster
 └─ Cluster management fee                                           730  hours        $73.00

 module.cluster.google_container_node_pool.nodepool
 ├─ Instance usage (Linux/UNIX, on-demand, n1-standard-2)            730  hours        $48.54
 └─ Standard provisioned storage (pd-standard)                        10  GiB           $0.40

 OVERALL TOTAL                                                                        $121.94
```
No requirements.
Name | Version |
---|---|
n/a | |
google-beta | n/a |
No modules.
Name | Type |
---|---|
google-beta_google_container_cluster.cluster | resource |
google_container_node_pool.nodepool | resource |
google_service_account.default | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
auto_upgrade | n/a | bool | true | no |
http_load_balancing_disabled | Disable Http Load balancing | bool | false | no |
ip_allocation_policy | Values to fill the cluster ip_allocation_policy block | map(any) | n/a | yes |
key_name | Changing key name as keys and key rings are undeletable | string | n/a | yes |
kubernetes_dashboard_disabled | Switch on the Dashboard | bool | false | no |
location | n/a | string | n/a | yes |
maintenance_window | n/a | string | "00:30" | no |
master_authorized_network_cidr | The range of IPs that can connect to the Kubernetes master | string | n/a | yes |
name | The Name of the cluster | string | n/a | yes |
network | The VPC | any | n/a | yes |
network_policy | To enable the network policy | bool | true | no |
network_policy_config_disabled | Toggle network policy | bool | false | no |
node_pool | Configuration of the Node hosts | map(any) | { | no |
pod_security_policy_config_enabled | n/a | bool | true | no |
private_cluster_config | Values to fill the cluster private_cluster_config block | map(any) | n/a | yes |
project | The GCP project of the Network the cluster is in | any | n/a | yes |
region | The GCP region | string | n/a | yes |
release_channel | Set the release channel UNSPECIFIED\|RAPID\|REGULAR\|STABLE | string | "STABLE" | no |
resource_labels | n/a | map(any) | { | no |
subnetwork | The name of the sub-net to use | any | n/a | yes |
zones | n/a | any | n/a | yes |
Name | Description |
---|---|
service_account | n/a |
The Terraform resource required is:

```hcl
resource "google_project_iam_custom_role" "terraform_pike" {
  project     = "pike"
  role_id     = "terraform_pike"
  title       = "terraform_pike"
  description = "A user with least privileges"
  permissions = [
    "compute.instanceGroupManagers.get",
    "container.clusters.create",
    "container.clusters.delete",
    "container.clusters.get",
    "container.clusters.update",
    "container.operations.get",
    "iam.serviceAccounts.actAs",
    "iam.serviceAccounts.create",
    "iam.serviceAccounts.delete",
    "iam.serviceAccounts.get",
    "iam.serviceAccounts.update"
  ]
}
```
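
A least-privilege role only stays that way if nobody widens it later. The following drift check is an added example, not part of this module: it compares the JSON from `gcloud iam roles describe terraform_pike --project pike --format=json` with the permission list above. The function name `audit_role` and the sample role document are constructed for illustration.

```python
import json
from collections import defaultdict

# Permission list copied from the terraform_pike custom role on this page.
EXPECTED = frozenset({
    "compute.instanceGroupManagers.get",
    "container.clusters.create",
    "container.clusters.delete",
    "container.clusters.get",
    "container.clusters.update",
    "container.operations.get",
    "iam.serviceAccounts.actAs",
    "iam.serviceAccounts.create",
    "iam.serviceAccounts.delete",
    "iam.serviceAccounts.get",
    "iam.serviceAccounts.update",
})


def audit_role(role_json: str) -> dict:
    """Report permissions added to or removed from the role (hypothetical helper)."""
    role = json.loads(role_json)
    granted = set(role.get("includedPermissions", []))
    extra = defaultdict(list)
    for perm in sorted(granted - EXPECTED):
        extra[perm.split(".", 1)[0]].append(perm)  # group by service for review
    deleted = bool(role.get("deleted", False))
    return {
        "extra": dict(extra),                    # privilege creep beyond the documented set
        "missing": sorted(EXPECTED - granted),   # the module's apply may fail without these
        "deleted": deleted,
        "ok": granted == EXPECTED and not deleted,
    }


# Constructed sample: the role after two permissions were added by hand and one removed.
SAMPLE = json.dumps({
    "name": "projects/pike/roles/terraform_pike",
    "includedPermissions": sorted(EXPECTED - {"container.operations.get"})
    + ["container.clusters.getCredentials", "iam.serviceAccounts.getAccessToken"],
    "stage": "GA",
})

if __name__ == "__main__":
    print(json.dumps(audit_role(SAMPLE), indent=2))
```
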
Check out these related projects.
- terraform-aws-codecommit - Storing one's code
Got a question?
File a GitHub issue.
Please use the issue tracker to report any bugs or file feature requests.
Copyright © 2019-2023 James Woolfenden
See LICENSE for full details.
Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.