feat: Support private nodes on public GKE #57

Merged
merged 4 commits into from
Dec 5, 2024
98 changes: 58 additions & 40 deletions main.tf
Expand Up @@ -36,7 +36,7 @@ resource "google_kms_crypto_key" "gke_encryption_key" {

# Required for GKE to use the encryption key
resource "google_project_iam_member" "kms_iam_binding" {
count = var.enable_database_encryption ? 1 : 0 # Only create if the feature is enabled
count = var.enable_database_encryption ? 1 : 0 # Only create if the feature is enabled
project = var.project_id
role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com"
Expand All @@ -46,46 +46,64 @@ locals {

### Node Pools
default_node_pool_config = {
auto_repair = var.node_pool_auto_repair
auto_upgrade = var.node_pool_auto_upgrade
autoscaling = var.node_pool_autoscaling
disk_size_gb = var.node_pool_disk_size
disk_type = var.node_pool_disk_type
enable_secure_boot = var.node_pool_secure_boot
image_type = var.node_pool_image_type
initial_node_count = var.node_pool_autoscaling_initial_count
local_ssd_count = var.node_pool_ssd_count
machine_type = var.node_pool_machine_type
max_pods_per_node = var.node_pool_max_pods_per_node
max_count = var.node_pool_autoscaling_max_size
min_count = var.node_pool_autoscaling_min_size
name = var.node_pool_name
node_count = var.node_pool_autoscaling ? null : var.node_pool_count
node_locations = var.node_pool_locations != "" ? var.node_pool_locations : ""
service_account = var.create_service_account ? "" : var.node_pool_service_account
version = var.node_pool_auto_upgrade ? null : var.node_pool_version
auto_repair = var.node_pool_auto_repair
auto_upgrade = var.node_pool_auto_upgrade
autoscaling = var.node_pool_autoscaling
disk_size_gb = var.node_pool_disk_size
disk_type = var.node_pool_disk_type
enable_secure_boot = var.node_pool_secure_boot
image_type = var.node_pool_image_type
initial_node_count = var.node_pool_autoscaling_initial_count
local_ssd_count = var.node_pool_ssd_count
machine_type = var.node_pool_machine_type
pod_range = var.secondary_ip_range_pods
enable_private_nodes = var.enable_private_nodes
max_pods_per_node = var.node_pool_max_pods_per_node
max_count = var.node_pool_autoscaling_max_size
min_count = var.node_pool_autoscaling_min_size
name = var.node_pool_name
node_count = var.node_pool_autoscaling ? null : var.node_pool_count
node_locations = var.node_pool_locations != "" ? var.node_pool_locations : ""
service_account = var.create_service_account ? "" : var.node_pool_service_account
version = var.node_pool_auto_upgrade ? null : var.node_pool_version
}
func_pool_config = {
auto_repair = var.func_pool_auto_repair
auto_upgrade = var.func_pool_auto_upgrade
autoscaling = var.func_pool_autoscaling
disk_size_gb = var.func_pool_disk_size
disk_type = var.func_pool_disk_type
enable_secure_boot = var.node_pool_secure_boot
image_type = var.func_pool_image_type
initial_node_count = var.func_pool_autoscaling_initial_count
local_ssd_count = var.func_pool_ssd_count
machine_type = var.func_pool_machine_type
max_pods_per_node = var.func_pool_max_pods_per_node
max_count = var.func_pool_autoscaling_max_size
min_count = var.func_pool_autoscaling_min_size
name = var.func_pool_name
node_count = var.func_pool_autoscaling ? null : var.func_pool_count
node_locations = var.func_pool_locations != "" ? var.func_pool_locations : var.node_pool_locations
service_account = var.create_service_account ? "" : var.func_pool_service_account
version = var.func_pool_auto_upgrade ? null : var.func_pool_version
auto_repair = var.func_pool_auto_repair
auto_upgrade = var.func_pool_auto_upgrade
autoscaling = var.func_pool_autoscaling
disk_size_gb = var.func_pool_disk_size
disk_type = var.func_pool_disk_type
enable_secure_boot = var.node_pool_secure_boot
image_type = var.func_pool_image_type
initial_node_count = var.func_pool_autoscaling_initial_count
local_ssd_count = var.func_pool_ssd_count
machine_type = var.func_pool_machine_type
pod_range = var.secondary_ip_range_pods
enable_private_nodes = var.enable_private_nodes
max_pods_per_node = var.func_pool_max_pods_per_node
max_count = var.func_pool_autoscaling_max_size
min_count = var.func_pool_autoscaling_min_size
name = var.func_pool_name
node_count = var.func_pool_autoscaling ? null : var.func_pool_count
node_locations = var.func_pool_locations != "" ? var.func_pool_locations : var.node_pool_locations
service_account = var.create_service_account ? "" : var.func_pool_service_account
version = var.func_pool_auto_upgrade ? null : var.func_pool_version
}
node_pools = var.enable_func_pool ? [local.default_node_pool_config, local.func_pool_config] : [local.default_node_pool_config]
default_node_pool = merge(
local.default_node_pool_config,
!var.enable_private_gke ?
{
enable_private_nodes = var.enable_private_nodes
} : {}
)
func_pool = merge(
local.func_pool_config,
!var.enable_private_gke ?
{
enable_private_nodes = var.enable_private_nodes
} : {}
)
node_pools = var.enable_func_pool ? [local.default_node_pool, local.func_pool] : [local.default_node_pool]
node_pools_labels = {
all = {
cluster_name = var.cluster_name
Expand Down Expand Up @@ -144,7 +162,7 @@ module "gke" {
count = var.enable_private_gke ? 0 : 1
source = "terraform-google-modules/kubernetes-engine/google"
name = var.cluster_name
version = "29.0.0"
version = "30.3.0"

add_cluster_firewall_rules = var.add_cluster_firewall_rules
add_master_webhook_firewall_rules = var.add_master_webhook_firewall_rules
Expand Down Expand Up @@ -186,7 +204,7 @@ module "gke_private" {
source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster"

name = var.cluster_name
version = "29.0.0"
version = "30.3.0"

add_cluster_firewall_rules = var.add_cluster_firewall_rules
add_master_webhook_firewall_rules = var.add_master_webhook_firewall_rules
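Review bot: The conditional `merge` that builds `default_node_pool` and `func_pool` (the lines right after the two pool config maps) has no effect, because `enable_private_nodes = var.enable_private_nodes` is already set unconditionally inside `default_node_pool_config` and `func_pool_config`, so the key is still sent per node pool even when `var.enable_private_gke` is true. If the intent is to let the private-cluster module own that setting for private clusters, delete the two `enable_private_nodes = var.enable_private_nodes` lines from the base maps and keep the merge; otherwise drop the merge and the two derived locals and add a comment above the maps such as `# enable_private_nodes is set per pool for both public and private clusters`. `func_pool_config` also still reads `var.node_pool_secure_boot` rather than a func-pool-specific variable; if that is deliberate a short comment would stop it being "fixed" later, since Secure Boot being silently inherited from another pool's flag is easy to misread. The `locals` block starts before this hunk.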
40 changes: 21 additions & 19 deletions variables.tf
Expand Up @@ -69,25 +69,27 @@ variable "cert_issuer_support_email" {

variable "cluster_autoscaling_config" {
default = {
enabled = false
max_cpu_cores = null
min_cpu_cores = null
max_memory_gb = null
min_memory_gb = null
gpu_resources = []
auto_repair = true
auto_upgrade = false
enabled = false
max_cpu_cores = null
min_cpu_cores = null
max_memory_gb = null
min_memory_gb = null
gpu_resources = []
auto_repair = true
auto_upgrade = false
autoscaling_profile = "BALANCED"
}
description = "Cluster autoscaling configuration for node auto-provisioning. This is disabled for our configuration, since we typically want to scale existing node pools rather than add new ones to the cluster"
type = object({
enabled = bool
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
enabled = bool
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
autoscaling_profile = string
})
}

Expand Down Expand Up @@ -644,8 +646,8 @@ variable "istio_network_loadbalancer" {

variable "enable_private_nodes" {
type = bool
description = "Whether nodes have internal IP addresses only, only used for private clusters"
default = true
description = "Whether nodes have internal IP addresses only."
default = false
}

variable "master_ipv4_cidr_block" {
Expand All @@ -658,4 +660,4 @@ variable "deletion_protection" {
type = bool
description = "Whether or not to allow Terraform to destroy the cluster."
default = true
}
}
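Review bot: Flipping the `enable_private_nodes` default from `true` to `false` changes the network exposure of existing private clusters if, as the replaced description ("only used for private clusters") suggests, the same variable also feeds the `gke_private` module — that wiring is outside this diff, so this is inferred: nodes that were internal-only would receive external IPs on the next apply unless every caller already pins the value. Consider keeping the default at `true` for the private-cluster path, e.g. by passing `var.enable_private_gke ? true : var.enable_private_nodes` there, and state the new default and its consequence in the description: `description = "Whether nodes have internal IP addresses only. Defaults to false; set to true to keep node VMs off the public internet (required posture for private clusters)."`. Separately, adding `autoscaling_profile = string` to the `cluster_autoscaling_config` object type without `optional()` makes any caller that passes the object without the new key fail validation; `autoscaling_profile = optional(string, "BALANCED")` would preserve compatibility while keeping the same default.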