This module handles opinionated Google Cloud Platform Kubernetes Engine cluster creation and configuration with Node Pools, IP MASQ, Network Policy, etc.
This module illustrates how to create a simple private cluster.
Simple example using the defaults and only the required inputs in the module.
module "gke" {
source = "./modules/gke"
project_id = "my-exmaple-123"
network = "default"
subnetwork = "subnet-01"
node_pools = [
{
name = "core-pool"
machine_type = "n1-standard-4"
node_locations = "us-central1-b,us-central1-c"
min_count = 1
max_count = 15
local_ssd_count = 0
auto_repair = true
auto_upgrade = true
preemptible = false
image_type = "cos_containerd"
enable_secure_boot = true
disk_size_gb = "200"
disk_type = "pd-ssd"
autoscaling = "false"
node_count = 3
},
]
}Note: if you deploy in multiplie zones, it will take the number of zones in
node_locations* thenode_countvalue. The example would produce 6 nodes if deployed.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| authenticator_security_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | string |
"lsst.cloud" |
no |
| cluster_resource_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | map(string) |
{ |
no |
| create_service_account | Defines if service account specified to run nodes should be created. | bool |
true |
no |
| default_max_pods_per_node | The maximum number of pods to schedule per node | number |
110 |
no |
| enable_intranode_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | bool |
true |
no |
| enable_private_nodes | n/a | bool |
true |
no |
| enable_resource_consumption_export | Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. | bool |
false |
no |
| enable_shielded_nodes | Enable Shielded Nodes features on all nodes in this cluster. | bool |
true |
no |
| horizontal_pod_autoscaling | Enable horizontal pod autoscaling addon | bool |
true |
no |
| http_load_balancing | Enable httpload balancer addon | bool |
true |
no |
| ip_range_pods | The VPC network to host the cluster in (required) | string |
"kubernetes-pods" |
no |
| ip_range_services | The name of the secondary subnet range to use for services | string |
"kubernetes-services" |
no |
| logging_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | string |
"logging.googleapis.com/kubernetes" |
no |
| maintenance_start_time | Time window start for maintenance operations in RFC3339 format | string |
"05:00" |
no |
| maintenance_end_time | Time window end for maintenance operations in RFC3339 format | string |
"09:00" |
no |
| maintenance_recurrence | RFC 5545 RRULE for when maintenance windows occur | string |
"FREQ=DAILY" |
no |
| master_ipv4_cidr_block | n/a | string |
"172.16.0.0/28" |
no |
| monitoring_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | string |
"monitoring.googleapis.com/kubernetes" |
no |
| name | A prefix to the default cluster name | string |
"simple" |
no |
| network | The VPC network to host the cluster in (required) | string |
n/a | yes |
| network_policy | Enable network policy addon | bool |
true |
no |
| node_pools | List of maps containing node pools | list(map(string)) |
[ |
|
| "disk_size_gb": "100", "disk_type": "pd-standard", "enable_secure_boot": true, "image_type": "cos_containerd", "initial_node_count": 5, "local_ssd_count": 0, "machine_type": "g1-small", "max_count": 15, "min_count": 1, "name": "core-pool", "node_locations": "us-central1-b", "preemptible": false } ] |
no | |||
| node_pools_labels | Map of maps containing node labels by node-pool name. | map(map(string)) |
{ |
no |
| project_id | The project ID to host the cluster in (required) | string |
n/a | yes |
| region | Region to deploy cluster | string |
"us-central1" |
no |
| regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | bool |
true |
|
| no | ||||
| release_channel | The release channel of this cluster. Accepted values are UNSPECIFIED, RAPID, REGULAR and STABLE. Defaults to UNSPECIFIED. |
|||
string |
"STABLE" |
no | ||
| remove_default_node_pool | Remove default node pool while setting up the cluster | bool |
true |
no |
| skip_provisioners | Flag to skip local-exec provisioners | bool |
true |
no |
| subnetwork | The subnetwork to host the cluster in (required) | string |
n/a | yes |
| zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | list(string) |
[ |
no |
| Name | Description |
|---|---|
| ca_certificate | n/a |
| kubernetes_endpoint | n/a |
| location | Cluster location (region if regional cluster zone if zonal cluster) |
| master_version | Current master kubernetes version |
| name | Cluster name |
| region | Cluster region |
| service_account | The default service account used for running nodes. |
| zones | List of zones in which the cluster resides |
Implementing a private cluster has technical requirements, restrictions and limitations. These are outline in this link
- One to be aware of is do not overlap with the range
172.17.0.0/16as this is an IP range Google uses.