Add example to FAST GKE stage, streamline GKE Hub module variables and usage (#1977)

* implement optionals in gke-hub module

* simplify gke hub module call in mc mesh blueprint

* simplify gke hub module call and variables in multitenant blueprint

* gke hub inventory

* provide cluster and fleet examples in stage
This commit is contained in:
Ludovico Magnocavallo
2024-01-20 11:06:38 +01:00
committed by GitHub
parent d62012cebc
commit 11d7edac64
8 changed files with 143 additions and 142 deletions


@@ -75,29 +75,17 @@ module "hub" {
cluster-1 = module.cluster_1.id
}
features = {
appdevexperience = false
configmanagement = true
identityservice = false
multiclusteringress = null
servicemesh = false
multiclusterservicediscovery = false
configmanagement = true
}
configmanagement_templates = {
default = {
binauthz = false
config_sync = {
git = {
gcp_service_account_email = null
https_proxy = null
policy_dir = "configsync"
secret_type = "none"
source_format = "hierarchy"
sync_branch = "main"
sync_repo = "https://github.com/danielmarzini/configsync-platform-example"
sync_rev = null
sync_wait_secs = null
policy_dir = "configsync"
source_format = "hierarchy"
sync_branch = "main"
sync_repo = "https://github.com/danielmarzini/configsync-platform-example"
}
prevent_drift = false
source_format = "hierarchy"
}
hierarchy_controller = {
@@ -106,7 +94,6 @@ module "hub" {
}
policy_controller = {
audit_interval_seconds = 120
exemptable_namespaces = []
log_denies_enabled = true
referential_rules_enabled = true
template_library_installed = true
@@ -317,22 +304,20 @@ module "hub" {
# tftest modules=8 resources=34
```
<!-- BEGIN TFDOC -->
## Variables
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [project_id](variables.tf#L87) | GKE hub project ID. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L80) | GKE hub project ID. | <code>string</code> | ✓ | |
| [clusters](variables.tf#L17) | Clusters members of this GKE Hub in name => id format. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [configmanagement_clusters](variables.tf#L24) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [configmanagement_templates](variables.tf#L31) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | <code title="map&#40;object&#40;&#123;&#10; binauthz &#61; bool&#10; config_sync &#61; object&#40;&#123;&#10; git &#61; object&#40;&#123;&#10; gcp_service_account_email &#61; string&#10; https_proxy &#61; string&#10; policy_dir &#61; string&#10; secret_type &#61; string&#10; sync_branch &#61; string&#10; sync_repo &#61; string&#10; sync_rev &#61; string&#10; sync_wait_secs &#61; number&#10; &#125;&#41;&#10; prevent_drift &#61; string&#10; source_format &#61; string&#10; &#125;&#41;&#10; hierarchy_controller &#61; object&#40;&#123;&#10; enable_hierarchical_resource_quota &#61; bool&#10; enable_pod_tree_labels &#61; bool&#10; &#125;&#41;&#10; policy_controller &#61; object&#40;&#123;&#10; audit_interval_seconds &#61; number&#10; exemptable_namespaces &#61; list&#40;string&#41;&#10; log_denies_enabled &#61; bool&#10; referential_rules_enabled &#61; bool&#10; template_library_installed &#61; bool&#10; &#125;&#41;&#10; version &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [features](variables.tf#L66) | Enable and configure fleet features. | <code title="object&#40;&#123;&#10; appdevexperience &#61; optional&#40;bool, false&#41;&#10; configmanagement &#61; optional&#40;bool, false&#41;&#10; identityservice &#61; optional&#40;bool, false&#41;&#10; multiclusteringress &#61; optional&#40;string, null&#41;&#10; multiclusterservicediscovery &#61; optional&#40;bool, false&#41;&#10; servicemesh &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; appdevexperience &#61; false&#10; configmanagement &#61; false&#10; identityservice &#61; false&#10; multiclusteringress &#61; null&#10; servicemesh &#61; false&#10; multiclusterservicediscovery &#61; false&#10;&#125;">&#123;&#8230;&#125;</code> |
| [workload_identity_clusters](variables.tf#L92) | Clusters that will use Fleet Workload Identity. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [configmanagement_templates](variables.tf#L31) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | <code title="map&#40;object&#40;&#123;&#10; binauthz &#61; optional&#40;bool&#41;&#10; version &#61; optional&#40;string&#41;&#10; config_sync &#61; object&#40;&#123;&#10; git &#61; optional&#40;object&#40;&#123;&#10; sync_repo &#61; string&#10; policy_dir &#61; string&#10; gcp_service_account_email &#61; optional&#40;string&#41;&#10; https_proxy &#61; optional&#40;string&#41;&#10; secret_type &#61; optional&#40;string, &#34;none&#34;&#41;&#10; sync_branch &#61; optional&#40;string&#41;&#10; sync_rev &#61; optional&#40;string&#41;&#10; sync_wait_secs &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; prevent_drift &#61; optional&#40;bool&#41;&#10; source_format &#61; optional&#40;string, &#34;hierarchy&#34;&#41;&#10; &#125;&#41;&#10; hierarchy_controller &#61; optional&#40;object&#40;&#123;&#10; enable_hierarchical_resource_quota &#61; optional&#40;bool&#41;&#10; enable_pod_tree_labels &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; policy_controller &#61; object&#40;&#123;&#10; audit_interval_seconds &#61; optional&#40;number&#41;&#10; exemptable_namespaces &#61; optional&#40;list&#40;string&#41;&#41;&#10; log_denies_enabled &#61; optional&#40;bool&#41;&#10; referential_rules_enabled &#61; optional&#40;bool&#41;&#10; template_library_installed &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [features](variables.tf#L66) | Enable and configure fleet features. | <code title="object&#40;&#123;&#10; appdevexperience &#61; optional&#40;bool, false&#41;&#10; configmanagement &#61; optional&#40;bool, false&#41;&#10; identityservice &#61; optional&#40;bool, false&#41;&#10; multiclusteringress &#61; optional&#40;string, null&#41;&#10; multiclusterservicediscovery &#61; optional&#40;bool, false&#41;&#10; servicemesh &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [workload_identity_clusters](variables.tf#L85) | Clusters that will use Fleet Workload Identity. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
## Outputs
| name | description | sensitive |
|---|---|:---:|
| [cluster_ids](outputs.tf#L17) | Fully qualified ids of all clusters. | |
<!-- END TFDOC -->


@@ -31,33 +31,33 @@ variable "configmanagement_clusters" {
variable "configmanagement_templates" {
description = "Sets of config management configurations that can be applied to member clusters, in config name => {options} format."
type = map(object({
binauthz = bool
binauthz = optional(bool)
version = optional(string)
config_sync = object({
git = object({
gcp_service_account_email = string
https_proxy = string
policy_dir = string
secret_type = string
sync_branch = string
git = optional(object({
sync_repo = string
sync_rev = string
sync_wait_secs = number
})
prevent_drift = string
source_format = string
})
hierarchy_controller = object({
enable_hierarchical_resource_quota = bool
enable_pod_tree_labels = bool
policy_dir = string
gcp_service_account_email = optional(string)
https_proxy = optional(string)
secret_type = optional(string, "none")
sync_branch = optional(string)
sync_rev = optional(string)
sync_wait_secs = optional(number)
}))
prevent_drift = optional(bool)
source_format = optional(string, "hierarchy")
})
hierarchy_controller = optional(object({
enable_hierarchical_resource_quota = optional(bool)
enable_pod_tree_labels = optional(bool)
}))
policy_controller = object({
audit_interval_seconds = number
exemptable_namespaces = list(string)
log_denies_enabled = bool
referential_rules_enabled = bool
template_library_installed = bool
audit_interval_seconds = optional(number)
exemptable_namespaces = optional(list(string))
log_denies_enabled = optional(bool)
referential_rules_enabled = optional(bool)
template_library_installed = optional(bool)
})
version = string
}))
default = {}
nullable = false
@@ -73,14 +73,7 @@ variable "features" {
multiclusterservicediscovery = optional(bool, false)
servicemesh = optional(bool, false)
})
default = {
appdevexperience = false
configmanagement = false
identityservice = false
multiclusteringress = null
servicemesh = false
multiclusterservicediscovery = false
}
default = {}
nullable = false
}