// Client configuration of the active Google provider. Nothing else in this
// file references it.
// NOTE(review): this data source exports a short-lived OAuth access_token. If
// another file in the module consumes it, treat plan output and state as sensitive.
data "google_client_config" "default" {
}
// Turn on the Kubernetes Engine API before anything tries to use it. The
// cluster resource lists this in depends_on so the two are not created in a
// racing order.
resource "google_project_service" "container" {
  service = "container.googleapis.com"
  project = var.project

  // Leave the API enabled when this resource is destroyed.
  disable_on_destroy = false
}
// GKE versions currently offered in the target location. The cluster falls
// back to the latest master/node versions reported here when no explicit
// version is supplied through var.versions_config.
data "google_container_engine_versions" "engine_version" {
  project  = var.project
  location = var.location
}
// Private GKE cluster using named secondary ranges for pods and services.
// The default node pool is removed, so node pools must be defined separately.
// NOTE(review): this block does not set workload_identity_config,
// database_encryption or enable_shielded_nodes. Whether they are needed depends
// on the provider version in use and the threat model; confirm the omission is
// deliberate.
resource "google_container_cluster" "k8s" {
  provider   = google-beta
  depends_on = [google_project_service.container]

  name           = var.name
  project        = var.project
  location       = var.location
  node_locations = var.node_locations

  // Use the caller-provided version when versions_config has a "version" key,
  // otherwise fall back to the latest version offered in this location.
  min_master_version = lookup(
    var.versions_config,
    "version",
    data.google_container_engine_versions.engine_version.latest_master_version,
  )
  node_version = lookup(
    var.versions_config,
    "version",
    data.google_container_engine_versions.engine_version.latest_node_version,
  )

  // It is recommended to remove the default node pool and create node pools
  // manually. One node is still requested at creation time.
  initial_node_count       = 1
  remove_default_node_pool = true

  // Cluster networking configuration
  network    = var.network
  subnetwork = var.subnetwork

  ip_allocation_policy {
    cluster_secondary_range_name  = var.cluster_range
    services_secondary_range_name = var.services_range
  }

  // Nodes are always private. Whether the control plane also loses its public
  // endpoint is left to the caller: with enable_private_endpoint = false the
  // authorized-networks list below is the only network-level restriction on
  // the public endpoint.
  private_cluster_config {
    enable_private_nodes    = true
    enable_private_endpoint = var.enable_private_endpoint
    master_ipv4_cidr_block  = var.master_ipv4_cidr_block
  }

  // One cidr_blocks entry per element of var.manc: the key becomes the display
  // name and the value the CIDR allowed to reach the control plane.
  // NOTE(review): nothing here validates the CIDRs, so an overly broad range
  // (for example 0.0.0.0/0) would be accepted. Consider validating the
  // variable where it is declared.
  master_authorized_networks_config {
    dynamic "cidr_blocks" {
      for_each = var.manc
      content {
        display_name = cidr_blocks.key
        cidr_block   = cidr_blocks.value
      }
    }
  }

  // No client certificate is issued, and no username/password is set here.
  // NOTE(review): how basic auth is treated when username/password are omitted
  // depends on the provider and GKE version; confirm it is disabled.
  master_auth {
    client_certificate_config {
      issue_client_certificate = false
    }
  }

  maintenance_policy {
    daily_maintenance_window {
      start_time = var.daily_maintenance_window_start_time
    }
  }

  addons_config {
    http_load_balancing {
      disabled = false
    }

    horizontal_pod_autoscaling {
      disabled = false
    }

    // Kept enabled so that the network_policy block below can be enforced.
    network_policy_config {
      disabled = false
    }

    // NOTE(review): when Istio is enabled, var.istio_auth selects the
    // service-to-service auth mode. Prefer mutual TLS (AUTH_MUTUAL_TLS) and
    // verify the accepted values against the provider version in use.
    istio_config {
      disabled = var.disable_istio
      auth     = var.istio_auth
    }

    cloudrun_config {
      disabled = var.disable_cloudrun
    }
  }

  // NOTE(review): enforcement is on but the provider is left unspecified.
  // Confirm which backend GKE selects, or pin it explicitly (the provider also
  // accepts "CALICO").
  network_policy {
    enabled  = true
    provider = "PROVIDER_UNSPECIFIED"
  }

  resource_labels = var.labels

  timeouts {
    create = "25m"
    update = "20m"
    delete = "35m"
  }

  // It is recommended to ignore node count and version specifications in the
  // lifecycle.
  // NOTE(review): Terraform therefore does not reconcile version drift after
  // creation. Upgrades, including security patches, must come from GKE
  // auto-upgrade or another process; confirm one is in place.
  lifecycle {
    ignore_changes = [
      initial_node_count,
      master_version,
      min_master_version,
      node_version,
    ]
  }
}