From d78616b6c3e4e0c44ef1d38abc53953763177244 Mon Sep 17 00:00:00 2001
From: Ludo
Date: Fri, 22 Sep 2023 10:15:22 +0200
Subject: [PATCH] add support for default nodepool sa in GKE cluster module

---
 modules/gke-cluster-standard/README.md | 5 +++--
 modules/gke-cluster-standard/main.tf | 3 ++-
 modules/gke-cluster-standard/variables.tf | 8 +++++++-
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/modules/gke-cluster-standard/README.md b/modules/gke-cluster-standard/README.md
index 3c9b1eb8b1..dc2b4139e3 100644
--- a/modules/gke-cluster-standard/README.md
+++ b/modules/gke-cluster-standard/README.md
@@ -309,7 +309,7 @@ module "cluster-1" {
 | [location](variables.tf#L138) | Cluster zone or region. | string | ✓ | |
 | [name](variables.tf#L249) | Cluster name. | string | ✓ | |
 | [project_id](variables.tf#L275) | Cluster project id. | string | ✓ | |
-| [vpc_config](variables.tf#L292) | VPC-level configuration. | object({…}) | ✓ | |
+| [vpc_config](variables.tf#L298) | VPC-level configuration. | object({…}) | ✓ | |
 | [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | object({…}) | | {} |
 | [cluster_autoscaling](variables.tf#L37) | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | object({…}) | | null |
 | [description](variables.tf#L58) | Cluster description. | string | | null |
@@ -325,7 +325,8 @@ module "cluster-1" {
 | [node_locations](variables.tf#L254) | Zones in which the cluster's nodes are located. | list(string) | | [] |
 | [private_cluster_config](variables.tf#L261) | Private cluster configuration. | object({…}) | | null |
 | [release_channel](variables.tf#L280) | Release channel for GKE upgrades. | string | | null |
-| [tags](variables.tf#L286) | Network tags applied to nodes. | list(string) | | null |
+| [service_account](variables.tf#L286) | Service account used for the default node pool, only useful if the default GCE service account has been disabled. | string | | null |
+| [tags](variables.tf#L292) | Network tags applied to nodes. | list(string) | | null |
 
 ## Outputs
 
diff --git a/modules/gke-cluster-standard/main.tf b/modules/gke-cluster-standard/main.tf
index d27f6ab36c..622c2e431d 100644
--- a/modules/gke-cluster-standard/main.tf
+++ b/modules/gke-cluster-standard/main.tf
@@ -43,6 +43,7 @@ resource "google_container_cluster" "cluster" {
 # the default node pool is deleted here, use the gke-nodepool module instead.
 # the default node pool configuration is based on a shielded_nodes variable.
 node_config {
+ service_account = var.service_account
 dynamic "shielded_instance_config" {
 for_each = var.enable_features.shielded_nodes ? [""] : []
 content {
@@ -203,7 +204,7 @@ resource "google_container_cluster" "cluster" {
 ]))
 }
 }
- # Don't send any GKE cluster logs to Cloud Logging. Input variable validation
+ # Don't send any GKE cluster logs to Cloud Logging. Input variable validation
 # makes sure every other log source is false when enable_system_logs is false.
 dynamic "logging_config" {
 for_each = var.logging_config.enable_system_logs == false ? [""] : []
diff --git a/modules/gke-cluster-standard/variables.tf b/modules/gke-cluster-standard/variables.tf
index 6b76efa701..c470dcfa8b 100644
--- a/modules/gke-cluster-standard/variables.tf
+++ b/modules/gke-cluster-standard/variables.tf
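Review bot: The new `service_account = var.service_account` line inside `node_config` carries no comment explaining that it only affects the default node pool which, per the comment two lines above, is deleted right after cluster creation, so a reader may assume it selects the service account for the cluster's long-lived nodes. I would add `# only used by the short-lived default node pool; set it when the default compute SA is disabled` next to the assignment so that users know real node pools get their service account from the gke-nodepool module. It is also worth checking whether `node_config` arguments on `google_container_cluster` are ForceNew in the provider version the module pins; if they are, setting this variable on an already created cluster would plan a cluster replacement and the README row should say so. The enclosing `node_config` block and the `google_container_cluster` resource continue outside the hunk.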
@@ -151,7 +151,7 @@ variable "logging_config" {
 })
 default = {}
 nullable = false
- # System logs are the minimum required component for enabling log collection.
+ # System logs are the minimum required component for enabling log collection.
 # So either everything is off (false), or enable_system_logs must be true.
 validation {
 condition = (
@@ -283,6 +283,12 @@ variable "release_channel" {
 default = null
 }
 
+variable "service_account" {
+ description = "Service account used for the default node pool, only useful if the default GCE service account has been disabled."
+ type = string
+ default = null
+}
+
 variable "tags" {
 description = "Network tags applied to nodes."
 type = list(string)
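Review bot: The description of the new `service_account` variable in the `@@ -283` hunk does not say what form the value takes or what happens when it is left at `null`, which matters because the `null` default presumably falls back to the project's default compute service account, the very case the variable is meant to work around. Suggested description: `Service account email used for the short-lived default node pool. Set it when the default compute service account is disabled; null keeps the GKE default.` Other variables in this file (for example `logging_config`) document their fallback behaviour in comments, so the same level of detail would keep the file consistent.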