Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/googlecloudplatform/terraform-google-anthos-vm

Creates VMs on Anthos Bare Metal clusters
https://github.com/googlecloudplatform/terraform-google-anthos-vm

anthos cft-terraform compute kubernetes terraform-module vm

Last synced: 4 months ago
JSON representation

Creates VMs on Anthos Bare Metal clusters

Awesome Lists containing this project

README 

        
# terraform-google-anthos-vm



This module will provide the capability to create [VMs on Anthos Bare Metal](https://cloud.google.com/anthos/clusters/docs/bare-metal/latest/vm-runtime/quickstart) clusters easily using Terraform.



This module doesn't interact with the GCP services but the Anthos Bare Metal clusters directly.



## Usage



Basic usage of this module is as follows:



```hcl

provider "kubernetes" {

  config_path = 

}



module "anthos_vm" {

  source  = "GoogleCloudPlatform/anthos-vm/google"

  version = "~> 0.1"



  name = "myvm"

  boot_disk_http_source = {

    url = "https://cloud-images.ubuntu.com/releases/focal/release/ubuntu-20.04-server-cloudimg-amd64.img"

  }

  boot_disk_size = "20Gi"

  vcpus          = 2

  memory         = "8Gi"

}

```



Functional examples are included in the

[examples](./examples/) directory.



## Inputs



| Name | Description | Type | Default | Required |

|------|-------------|------|---------|:--------:|

| auto\_restart\_on\_config\_change | whether to automatically restart a VM to pick up configuration changes. | `bool` | `false` | no |

| boot\_disk\_gcs\_source | url : "URL of the GCS source"
    secretRef : "A Secret reference needed to access the GCS source" | 
object({
    url       = string
    secretRef = optional(string)
  })
 | `null` | no |

| boot\_disk\_http\_source | url : "URL of the http(s) endpoint"
    secretRef : "A Secret reference which contains accessKeyId (user name) base64 encoded, and secretKey (password) also base64 encoded"
    certConfigMap : "A configmap reference which contains a Certificate Authority(CA) public key, and a base64 encoded pem certificate"
    extraHeaders : "A list of strings containing extra headers to include with HTTP transfer requests"
    secretExtraHeaders : "A list of Secret references, each containing an extra HTTP header that may include sensitive information" | 
object({
    url                = string
    secretRef          = optional(string)
    certConfigMap      = optional(string)
    extraHeaders       = optional(list(string))
    secretExtraHeaders = optional(list(string))
  })
 | `null` | no |

| boot\_disk\_name | The name of the existing boot disk in the same namespace. | `string` | `""` | no |

| boot\_disk\_registry\_source | url : "URL of the registry source (starting with the scheme: docker, oci-archive)"
    secretRef : "A Secret reference needed to access the Registry source"
    certConfigMap : "A configmap reference provides registry certs"
    imageStream : "The name of image stream for import"
    pullMethod : "pullMethod can be either "pod" (default import), or "node" (node docker cache based import)" | 
object({
    url           = string
    secretRef     = optional(string)
    certConfigMap = optional(string)
    imageStream   = optional(string)
    pullMethod    = optional(string)
  })
 | `null` | no |

| boot\_disk\_size | Boot disk size in k8s quantity format(https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/). | `string` | `"20Gi"` | no |

| boot\_loader\_type | The initial machine booting options when powering on before loading the kernel. The supported boot options are uefi or bios. | `string` | `""` | no |

| cloudinit\_nocloud | cloud-init nocloud source https://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html
    secretRef : "Then name of a k8s secret that contains the userdata."
    userDataBase64 : "Userdata as a base64 encoded string."
    userData : "Inline userdata."
    networkDataSecretRef : "The name of a k8s secret that contains the networkdata."
    networkDataBase64 : "Networkdata as a base64 encoded string."
    networkData : "Inline networkdata" | 
object({
    secretRef = optional(object({
      name = string
    }))
    userDataBase64 = optional(string)
    userData       = optional(string)
    networkDataSecretRef = optional(object({
      name = string
    }))
    networkDataBase64 = optional(string)
    networkData       = optional(string)
  })
 | `null` | no |

| create\_timeout | Timeout for the disk creation. | `string` | `"10m"` | no |

| dedicated\_cpu | If the VM should be allocated dedicated host CPU cores and each VM CPU core is pinned to each allocated host CPU core. | `bool` | `false` | no |

| delete\_timeout | Timeout for the disk deletion. | `string` | `"1m"` | no |

| enable\_secure\_boot | Whether to assist blocking modified or malicious code from loading. Only work with UEFI bootloader | `bool` | `true` | no |

| extra\_disks | A list of existing disks that will be used by the VM.
    name : "Name of the VM disk in the same namespace"
    readonly : "If the VM disk is readonly."
    auto\_delete : "If to delete the VM disk when the VM is deleted." | 
list(object({
    name        = string
    readonly    = optional(bool, false)
    auto_delete = optional(bool, false)
  }))
 | `[]` | no |

| extra\_interfaces | A list of existing disks that will be used by the VM.
    name : "Name of the network interface in the VM."
    network : "Name of the Anthos network object."
    ips : "A list of IP addresses from the network to be allocated to the VM." | 
list(object({
    name    = string
    network = string
    ips     = list(string)
  }))
 | `[]` | no |

| gpu | model : "The GPU model the VM want to reserve."
    quantity : "The number of GPU card for the specific GPU model the VM want to reserve." | 
object({
    model    = string
    quantity = number
  })
 | `null` | no |

| guest\_environment | The guest environment features.
    enable\_access\_management : "Whether the SSH access management feature should be enabled." | 
object({
    enable_access_management = optional(bool)
  })
 | 
{
  "enable_access_management": true
}
 | no |

| hugepage\_size | Use the huge page instead for the VM memory config. Valid huge pages are 2Mi or 1Gi. | `string` | `""` | no |

| is\_guaranteed | If the resources of the VM are in the guaranteed tier | `bool` | `false` | no |

| is\_windows | If the VM is a windows VM | `bool` | `false` | no |

| isolated\_emulator\_thread | If one more dedicated host CPU core should be allocated to the VM for the QEMU emulator thread. | `bool` | `false` | no |

| memory | Memory capacity in k8s quantity format(https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/). | `string` | `"4Gi"` | no |

| name | Name of the VM | `string` | n/a | yes |

| namespace | Namespace where the VM belongs to | `string` | `"default"` | no |

| numa\_guest\_mapping\_passthrough | It creates an efficient guest topology based on container NUMA topology | `bool` | `false` | no |

| scheduling | nodeSelector : "The node labels that the host node of this VM must have."
    affinity : "The affinity rules of the VM. The object needs to align with the k8s Affinity type."
    tolerations : "Allows the VM to schedule onto nodes with matching taints. The list elements should have the type align with k8s Toleration type." | 
object({
    nodeSelector = optional(map(string))
    affinity     = optional(any)
    tolerations  = optional(list(any))
  })
 | `null` | no |

| startup\_scripts | A list of startup scripts of the VM.
    name : "The name of a script."
    script : "The plain text string of the script."
    scriptBase64 : "The base64 encoded string of the script."
    scriptSecretRef : "The name of a k8s secret that contains the script." | 
list(object({
    name         = string
    script       = optional(string)
    scriptBase64 = optional(string)
    scriptSecretRef = optional(object({
      name = string
    }))
  }))
 | `null` | no |

| storage\_class | The name of storage class used to provision the disks | `string` | `"local-shared"` | no |

| update\_timeout | Timeout for the disk udpate. | `string` | `"10m"` | no |

| vcpus | Number of VCPUs | `number` | `1` | no |

| vm\_type\_name | Name of the exsiting virtual machine type | `string` | `""` | no |

| wait\_conditions | A list of conditions to wait for. | 
list(object({
    type   = string
    status = string
  }))
 | `[]` | no |

| wait\_fields | A map of fields and a corresponding regular expression with a pattern to wait for. The provider will wait until the field matches the regular expression. Use `*` for any value. | `map(string)` | 
{
  "status.state": "Running"
}
 | no |



## Outputs



| Name | Description |

|------|-------------|

| vm\_name | The name of the VM. |

| vm\_namespace | The namespace of the VM. |



## Requirements



These sections describe requirements for using this module.



### Software



The following dependencies must be available:



- [Terraform][terraform] v1.3

- [Terraform Provider for Kubebernetes][terraform-provider-kubernetes] plugin v2.15



### Environment



Unlike the other GCP Terraform module, this module interact with the Anthos Bare Metal clusters directly. Therefore, it needs to be executed in the environment that has the access to the Anthos Bare Metal cluster.



### Service Account



The service account has to bind the `kubevm.edit` [ClusterRole](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole) using [RoleBinding](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding).



## Contributing



Refer to the [contribution guidelines](./CONTRIBUTING.md) for

information on contributing to this module.



Other references:

* [iam-module](https://registry.terraform.io/modules/terraform-google-modules/iam/google)

* [project-factory-module](https://registry.terraform.io/modules/terraform-google-modules/project-factory/google)

* [terraform-provider-kubernetes](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs)

* [terraform-provider-gcp](https://www.terraform.io/docs/providers/google/index.html)

* [terraform](https://www.terraform.io/downloads.html)



## Security Disclosures



Please see our [security disclosure process](./SECURITY.md).