
# GKE nodepool module

This module allows simplified creation and management of individual GKE nodepools, setting sensible defaults (e.g. a service account is created for nodes only when explicitly requested, and OAuth scopes are restricted otherwise) and allowing for less verbose usage in most use cases.

## Example usage

### Module defaults

If no specific node configuration is set via variables, the module uses the provider's defaults except for two settings: OAuth scopes are restricted to a minimal working set (`devstorage.read_only`, `logging.write`, `monitoring.write`) and the node machine type is set to `n1-standard-1`. The service account the provider falls back to in this case is the Compute Engine default service account. Note that this account is commonly granted the project-level Editor role, so the restricted scopes are the only thing limiting what code running on the node can do, and scopes are not an IAM boundary; for anything beyond a test cluster, set `node_service_account` or let the module create a dedicated account.

```hcl
module "cluster-1-nodepool-1" {
  source                      = "./fabric/modules/gke-nodepool"
  project_id                  = "myproject"
  cluster_name                = "cluster-1"
  location                    = "europe-west1-b"
  name                        = "nodepool-1"
}
```

### Internally managed service account

To have the module auto-create a service account for the nodes, set the `node_service_account_create` variable to `true`. When a service account is created by the module, OAuth scopes are set to `cloud-platform` by default, which means the account's IAM roles alone determine what the nodes can reach: grant only the roles the nodes need. The service account resource and email (in both plain and IAM formats) are then available in outputs to assign IAM roles from your own code.

```hcl
module "cluster-1-nodepool-1" {
  source                      = "./fabric/modules/gke-nodepool"
  project_id                  = "myproject"
  cluster_name                = "cluster-1"
  location                    = "europe-west1-b"
  name                        = "nodepool-1"
  node_service_account_create = true
}
# tftest modules=1 resources=2
```
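The following is an added example, not code from the module's README, that ties the two sections above together: instead of relying on the Compute Engine default service account, the module creates a dedicated account, and the caller binds a least-privilege set of project roles to it through the `service_account_iam_email` output. The project id, cluster name, location, machine type, network tag and the exact role list are assumptions for illustration; the variable names and outputs are the ones documented on this page.

```hcl
# Added example (not part of the gke-nodepool module README).
# Assumed values: project id, cluster name, location, machine type,
# network tag and the set of roles granted to the node service account.

locals {
  project_id = "myproject"

  # Roles a node service account typically needs for log shipping,
  # metric export and image pulls from Artifact Registry. This list is an
  # assumption; trim or extend it to what the node pool's workloads require.
  node_sa_roles = [
    "roles/logging.logWriter",
    "roles/monitoring.metricWriter",
    "roles/artifactregistry.reader",
  ]
}

module "cluster-1-nodepool-1" {
  source                      = "./fabric/modules/gke-nodepool"
  project_id                  = local.project_id
  cluster_name                = "cluster-1"
  location                    = "europe-west1-b"
  name                        = "nodepool-1"
  # Dedicated account created by the module; scopes default to cloud-platform,
  # so access is bounded by the IAM bindings below rather than by scopes.
  node_service_account_create = true
  node_image_type             = "COS_CONTAINERD"
  node_machine_type           = "e2-standard-4"
  node_tags                   = ["gke-cluster-1-nodes"]
  # Passing node_metadata replaces the default map, so the legacy metadata
  # endpoints must be disabled explicitly here, as the variable description notes.
  node_metadata = {
    disable-legacy-endpoints = "true"
  }
  # Already the module default; repeated to make explicit that pods talk to
  # the GKE metadata server rather than directly to the VM metadata endpoint.
  workload_metadata_config = "GKE_METADATA"
}

# One binding per role, using the IAM-formatted output
# ("serviceAccount:<email>") so no string formatting is needed here.
resource "google_project_iam_member" "node_sa_roles" {
  for_each = toset(local.node_sa_roles)
  project  = local.project_id
  role     = each.value
  member   = module.cluster-1-nodepool-1.service_account_iam_email
}
```

`google_project_iam_member` is additive and only touches the listed role/member pairs, which keeps this safe to apply in a project that already has other bindings; avoid `google_project_iam_policy` here, since it would replace the whole project policy.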

## Variables

| name | description | type | required | default |
|---|---|---|---|---|
| cluster_name | Cluster name. | string | ✓ | |
| location | Cluster location. | string | ✓ | |
| project_id | Cluster project id. | string | ✓ | |
| autoscaling_config | Optional autoscaling configuration. | object({…}) | | null |
| gke_version | Kubernetes nodes version. Ignored if auto_upgrade is set in management_config. | string | | null |
| initial_node_count | Initial number of nodes for the pool. | number | | 1 |
| kubelet_config | Kubelet configuration. | object({…}) | | null |
| linux_node_config_sysctls | Linux node configuration. | map(string) | | null |
| management_config | Optional node management configuration. | object({…}) | | null |
| max_pods_per_node | Maximum number of pods per node. | number | | null |
| name | Optional nodepool name. | string | | null |
| node_boot_disk_kms_key | Customer Managed Encryption Key used to encrypt the boot disk attached to each node. | string | | null |
| node_count | Number of nodes per instance group, can be updated after creation. Ignored when autoscaling is set. | number | | null |
| node_disk_size | Node disk size in GB, defaults to 100GB. | number | | 100 |
| node_disk_type | Node disk type, defaults to pd-standard. | string | | "pd-standard" |
| node_guest_accelerator | Map of type and count of attached accelerator cards. | map(number) | | {} |
| node_image_type | Nodes image type. | string | | null |
| node_labels | Kubernetes labels attached to nodes. | map(string) | | {} |
| node_local_ssd_count | Number of local SSDs attached to nodes. | number | | 0 |
| node_locations | Optional list of zones in which nodes should be located. Uses cluster locations if unset. | list(string) | | null |
| node_machine_type | Nodes machine type. | string | | "n1-standard-1" |
| node_metadata | Metadata key/value pairs assigned to nodes. Setting this variable replaces the default map, so include disable-legacy-endpoints set to "true" to keep the legacy metadata endpoints disabled. | map(string) | | null |
| node_min_cpu_platform | Minimum CPU platform for nodes. | string | | null |
| node_preemptible | Use preemptible VMs for nodes. | bool | | null |
| node_sandbox_config | GKE Sandbox configuration. Needs node_image_type set to COS_CONTAINERD and gke_version set to 1.12.7-gke.17 or later when using this variable. | string | | null |
| node_service_account | Service account email. Unused if the service account is auto-created. | string | | null |
| node_service_account_create | Auto-create service account. | bool | | false |
| node_service_account_scopes | Scopes applied to the service account. Defaults to: 'cloud-platform' when creating a service account; 'devstorage.read_only', 'logging.write', 'monitoring.write' otherwise. | list(string) | | [] |
| node_shielded_instance_config | Shielded instance options. | object({…}) | | null |
| node_spot | Use Spot VMs for nodes. | bool | | null |
| node_tags | Network tags applied to nodes. | list(string) | | null |
| node_taints | Kubernetes taints applied to nodes. E.g. type=blue:NoSchedule. | list(string) | | [] |
| upgrade_config | Optional node upgrade configuration. | object({…}) | | null |
| workload_metadata_config | Metadata configuration to expose to workloads on the node pool. | string | | "GKE_METADATA" |

## Outputs

| name | description | sensitive |
|---|---|---|
| name | Nodepool name. | |
| service_account | Service account resource. | |
| service_account_email | Service account email. | |
| service_account_iam_email | Service account email in IAM member format (serviceAccount:&lt;email&gt;). | |