terraform-gcp-cluster

A lightweight GKE cluster module.

module "cluster" {
  source                         = "JamesWoolfenden/cluster/gcp"
  ip_allocation_policy           = var.ip_allocation_policy
  location                       = var.location
  master_authorized_network_cidr = module.ip.cidr
  name                           = var.name
  network                        = var.network
  network_project                = var.network_project
  node_pool                      = var.node_pool
  private_cluster_config         = var.private_cluster_config
  region                         = var.region
  subnetwork                     = var.subnetwork
  network_policy_config_disabled = var.network_policy_config_disabled
}

Connecting:

gcloud components install gke-gcloud-auth-plugin
gcloud container clusters get-credentials $CLUSTER_NAME --zone $ZONE --project $PROJECT_ID

e.g. gcloud container clusters get-credentials cluster-1 --zone us-central1-a --project pike-gcp

[drop from GP or add GP as control plane assess]

$ kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud config get-value core/account)

Install Istio $ brew install istioctl $ istioctl install

Costs

Monthly cost estimate

Project: JamesWoolfenden/terraform-gcp-cluster/example/examplea

 Name                                                      Monthly Qty  Unit   Monthly Cost

 module.cluster.google_container_cluster.cluster
 └─ Cluster management fee                                         730  hours        $73.00

 module.cluster.google_container_node_pool.nodepool
 ├─ Instance usage (Linux/UNIX, on-demand, n1-standard-2)          730  hours        $48.54
 └─ Standard provisioned storage (pd-standard)                      10  GiB           $0.40

 OVERALL TOTAL                                                                      $121.94

Requirements

No requirements.

Providers

Name	Version
google	n/a
google-beta	n/a

Modules

No modules.

Resources

Name	Type
google-beta_google_container_cluster.cluster	resource
google_container_node_pool.nodepool	resource
google_service_account.default	resource

Inputs

Name	Description	Type	Default	Required
auto_upgrade	n/a	`bool`	`true`	no
http_load_balancing_disabled	Disable Http Load balancing	`bool`	`false`	no
ip_allocation_policy	Values to fill the cluster ip_allocation_policy block	`map(any)`	n/a	yes
key_name	Changing key name as keys and key rings are undeletable	`string`	n/a	yes
kubernetes_dashboard_disabled	Switch on the Dashboard	`bool`	`false`	no
location	n/a	`string`	n/a	yes
maintenance_window	n/a	`string`	`"00:30"`	no
master_authorized_network_cidr	The range of IPs that can connect to the Kubernetes master	`string`	n/a	yes
name	The Name of the cluster	`string`	n/a	yes
network	The VPC	`any`	n/a	yes
network_policy	To enable the network policy	`bool`	`true`	no
network_policy_config_disabled	Toggle network policy	`bool`	`false`	no
node_pool	Configuration of the Node hosts	`map(any)`	{ "auto_repair": "true", "auto_upgrade": "true", "autoscaling_max": "10", "autoscaling_min": "1", "disk_size_gb": "10", "disk_type": "pd-standard", "machine_type": "n1-standard-2", "max_pods_per_node": "32", "name": "default-pool", "node_count": "1" }	no
pod_security_policy_config_enabled	n/a	`bool`	`true`	no
private_cluster_config	Values to fill the cluster private_cluster_config block	`map(any)`	n/a	yes
project	The GCP project of the Network the cluster is in	`any`	n/a	yes
region	The GCP region	`string`	n/a	yes
release_channel	Set the release channel UNSPECIFIED\|RAPID\|REGULAR\|STABLE	`string`	`"STABLE"`	no
resource_labels	n/a	`map(any)`	{ "createdby": "terraform", "module": "terraform-gcp-cluster" }	no
subnetwork	The name of the sub-net to use	`any`	n/a	yes
zones	n/a	`any`	n/a	yes

Outputs

Name	Description
service_account	n/a

Role and Permissions

The Terraform resource required is:

resource "google_project_iam_custom_role" "terraform_pike" {
  project     = "pike"
  role_id     = "terraform_pike"
  title       = "terraform_pike"
  description = "A user with least privileges"
  permissions = [
    "compute.instanceGroupManagers.get",
    "container.clusters.create",
    "container.clusters.delete",
    "container.clusters.get",
    "container.clusters.update",
    "container.operations.get",
    "iam.serviceAccounts.actAs",
    "iam.serviceAccounts.create",
    "iam.serviceAccounts.delete",
    "iam.serviceAccounts.get",
    "iam.serviceAccounts.update"
  ]
}

Related Projects

Check out these related projects.

terraform-aws-codecommit - Storing ones code

Help

Got a question?

File a GitHub issue.

Contributing

Bug Reports & Feature Requests

Please use the issue tracker to report any bugs or file feature requests.

Copyrights

License

See LICENSE for full details.

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Contributors

James Woolfenden

JamesWoolfenden / terraform-gcp-cluster