Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jameswoolfenden/terraform-gcp-cluster
Set up a GKE cluster connected as part of shared VPC
gcp gke module terraform
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/jameswoolfenden/terraform-gcp-cluster
- Owner: JamesWoolfenden
- License: apache-2.0
- Created: 2019-08-29T10:46:25.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2023-11-17T08:09:46.000Z (about 1 year ago)
- Last Synced: 2023-12-16T12:57:46.897Z (about 1 year ago)
- Topics: gcp, gke, module, terraform
- Language: HCL
- Homepage:
- Size: 116 KB
- Stars: 2
- Watchers: 3
- Forks: 4
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
README
# terraform-gcp-cluster
[![Build Status](https://github.com/JamesWoolfenden/terraform-gcp-cluster/workflows/Verify/badge.svg?branch=master)](https://github.com/JamesWoolfenden/terraform-gcp-cluster)
[![Latest Release](https://img.shields.io/github/release/JamesWoolfenden/terraform-gcp-cluster.svg)](https://github.com/JamesWoolfenden/terraform-gcp-cluster/releases/latest)
[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
[![checkov](https://img.shields.io/badge/checkov-verified-brightgreen)](https://www.checkov.io/)
A lightweight GKE cluster module.
```terraform
module "cluster" {
  source                         = "JamesWoolfenden/cluster/gcp"
  ip_allocation_policy           = var.ip_allocation_policy
  location                       = var.location
  master_authorized_network_cidr = module.ip.cidr
  name                           = var.name
  network                        = var.network
  network_project                = var.network_project
  node_pool                      = var.node_pool
  private_cluster_config         = var.private_cluster_config
  region                         = var.region
  subnetwork                     = var.subnetwork
  network_policy_config_disabled = var.network_policy_config_disabled
}
```
Connecting:
```bash
gcloud components install gke-gcloud-auth-plugin
gcloud container clusters get-credentials $CLUSTER_NAME --zone $ZONE --project $PROJECT_ID
```
e.g. `gcloud container clusters get-credentials cluster-1 --zone us-central1-a --project pike-gcp`
[drop from GP or add GP as control plane access]
```bash
# Bind the currently authenticated gcloud account to the cluster-admin ClusterRole
kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud config get-value core/account)
```
Install Istio
```bash
brew install istioctl
istioctl install
```
## Costs
```text
Monthly cost estimate

Project: JamesWoolfenden/terraform-gcp-cluster/example/examplea

 Name                                                        Monthly Qty  Unit   Monthly Cost

 module.cluster.google_container_cluster.cluster
 └─ Cluster management fee                                           730  hours        $73.00

 module.cluster.google_container_node_pool.nodepool
 ├─ Instance usage (Linux/UNIX, on-demand, n1-standard-2)            730  hours        $48.54
 └─ Standard provisioned storage (pd-standard)                        10  GiB           $0.40

 OVERALL TOTAL                                                                        $121.94
```
## Requirements
No requirements.
## Providers
| Name | Version |
|------|---------|
| [google](#provider\_google) | n/a |
| [google-beta](#provider\_google-beta) | n/a |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [google-beta_google_container_cluster.cluster](https://registry.terraform.io/providers/hashicorp/google-beta/latest/docs/resources/google_container_cluster) | resource |
| [google_container_node_pool.nodepool](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_node_pool) | resource |
| [google_service_account.default](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) | resource |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [auto\_upgrade](#input\_auto\_upgrade) | n/a | `bool` | `true` | no |
| [http\_load\_balancing\_disabled](#input\_http\_load\_balancing\_disabled) | Disable Http Load balancing | `bool` | `false` | no |
| [ip\_allocation\_policy](#input\_ip\_allocation\_policy) | Values to fill the cluster ip\_allocation\_policy block | `map(any)` | n/a | yes |
| [key\_name](#input\_key\_name) | Changing key name as keys and key rings are undeletable | `string` | n/a | yes |
| [kubernetes\_dashboard\_disabled](#input\_kubernetes\_dashboard\_disabled) | Switch on the Dashboard | `bool` | `false` | no |
| [location](#input\_location) | n/a | `string` | n/a | yes |
| [maintenance\_window](#input\_maintenance\_window) | n/a | `string` | `"00:30"` | no |
| [master\_authorized\_network\_cidr](#input\_master\_authorized\_network\_cidr) | The range of IPs that can connect to the Kubernetes master | `string` | n/a | yes |
| [name](#input\_name) | The Name of the cluster | `string` | n/a | yes |
| [network](#input\_network) | The VPC | `any` | n/a | yes |
| [network\_policy](#input\_network\_policy) | To enable the network policy | `bool` | `true` | no |
| [network\_policy\_config\_disabled](#input\_network\_policy\_config\_disabled) | Toggle network policy | `bool` | `false` | no |
| [node\_pool](#input\_node\_pool) | Configuration of the Node hosts | `map(any)` | <pre>{<br>  "auto_repair": "true",<br>  "auto_upgrade": "true",<br>  "autoscaling_max": "10",<br>  "autoscaling_min": "1",<br>  "disk_size_gb": "10",<br>  "disk_type": "pd-standard",<br>  "machine_type": "n1-standard-2",<br>  "max_pods_per_node": "32",<br>  "name": "default-pool",<br>  "node_count": "1"<br>}</pre> | no |
| [pod\_security\_policy\_config\_enabled](#input\_pod\_security\_policy\_config\_enabled) | n/a | `bool` | `true` | no |
| [private\_cluster\_config](#input\_private\_cluster\_config) | Values to fill the cluster private\_cluster\_config block | `map(any)` | n/a | yes |
| [project](#input\_project) | The GCP project of the Network the cluster is in | `any` | n/a | yes |
| [region](#input\_region) | The GCP region | `string` | n/a | yes |
| [release\_channel](#input\_release\_channel) | Set the release channel UNSPECIFIED\|RAPID\|REGULAR\|STABLE | `string` | `"STABLE"` | no |
| [resource\_labels](#input\_resource\_labels) | n/a | `map(any)` | <pre>{<br>  "createdby": "terraform",<br>  "module": "terraform-gcp-cluster"<br>}</pre> | no |
| [subnetwork](#input\_subnetwork) | The name of the sub-net to use | `any` | n/a | yes |
| [zones](#input\_zones) | n/a | `any` | n/a | yes |
## Outputs
| Name | Description |
|------|-------------|
| [service\_account](#output\_service\_account) | n/a |
## Role and Permissions
The Terraform resource required is:
```terraform
resource "google_project_iam_custom_role" "terraform_pike" {
  project     = "pike"
  role_id     = "terraform_pike"
  title       = "terraform_pike"
  description = "A user with least privileges"
  permissions = [
    "compute.instanceGroupManagers.get",
    "container.clusters.create",
    "container.clusters.delete",
    "container.clusters.get",
    "container.clusters.update",
    "container.operations.get",
    "iam.serviceAccounts.actAs",
    "iam.serviceAccounts.create",
    "iam.serviceAccounts.delete",
    "iam.serviceAccounts.get",
    "iam.serviceAccounts.update"
  ]
}
```
## Related Projects
Check out these related projects.
- [terraform-aws-codecommit](https://github.com/jameswoolfenden/terraform-aws-codebuild) - Storing one's code
## Help
**Got a question?**
File a GitHub [issue](https://github.com/jameswoolfenden/terraform-aws-cluster/issues).
## Contributing
### Bug Reports & Feature Requests
Please use the [issue tracker](https://github.com/jameswoolfenden/terraform-aws-cluster/issues) to report any bugs or file feature requests.
## Copyrights
Copyright © 2019-2023 James Woolfenden
## License
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
See [LICENSE](LICENSE) for full details.
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
### Contributors
[![James Woolfenden][jameswoolfenden_avatar]][jameswoolfenden_homepage]
[James Woolfenden][jameswoolfenden_homepage]

[jameswoolfenden_homepage]: https://github.com/jameswoolfenden
[jameswoolfenden_avatar]: https://github.com/jameswoolfenden.png?size=150