Support additional dns_access attributes in GKE cluster modules (#3781)
This commit is contained in:
Ludovico Magnocavallo
committed by
GitHub
GitHub
parent
0be09646b0
commit
f794d764e9
@@ -185,18 +185,18 @@ Clusters can then be configured for fleet registration and one of the config man
|
||||
| [billing_account](variables-fast.tf#L26) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | <code title="object({ id = string })">object({…})</code> | ✓ | | <code>0-org-setup</code> |
|
||||
| [environments](variables-fast.tf#L34) | Long environment names. | <code title="object({ dev = object({ name = string }) })">object({…})</code> | ✓ | | <code>0-org-setup</code> |
|
||||
| [prefix](variables-fast.tf#L60) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | <code>string</code> | ✓ | | <code>0-org-setup</code> |
|
||||
| [clusters](variables.tf#L17) | Clusters configuration. Refer to the gke-cluster module for type details. | <code title="map(object({ access_config = optional(object({ dns_access = optional(bool, true) ip_access = optional(object({ authorized_ranges = optional(map(string), {}) disable_public_endpoint = optional(bool, true) gcp_public_cidrs_access_enabled = optional(bool, false) private_endpoint_config = optional(object({ endpoint_subnetwork = optional(string) global_access = optional(bool, true) }), {}) })) private_nodes = optional(bool, true) }), {}) cluster_autoscaling = optional(any) description = optional(string) enable_addons = optional(any, { horizontal_pod_autoscaling = true, http_load_balancing = true }) enable_features = optional(any, { shielded_nodes = true workload_identity = true }) fleet_config = optional(object({ register = optional(bool, true) configmanagement_template = optional(string) }), {}) issue_client_certificate = optional(bool, false) labels = optional(map(string)) location = string logging_config = optional(object({ enable_system_logs = optional(bool, true) enable_workloads_logs = optional(bool, true) enable_api_server_logs = optional(bool, false) enable_scheduler_logs = optional(bool, false) enable_controller_manager_logs = optional(bool, false) }), {}) maintenance_config = optional(any, { daily_window_start_time = "03:00" recurring_window = null maintenance_exclusion = [] }) max_pods_per_node = optional(number, 110) min_master_version = optional(string) monitoring_config = optional(object({ enable_system_metrics = optional(bool, true) enable_api_server_metrics = optional(bool, false) enable_controller_manager_metrics = optional(bool, false) enable_scheduler_metrics = optional(bool, false) enable_daemonset_metrics = optional(bool, false) enable_deployment_metrics = optional(bool, false) enable_hpa_metrics = optional(bool, false) enable_pod_metrics = optional(bool, false) enable_statefulset_metrics = optional(bool, false) enable_storage_metrics = optional(bool, false) enable_managed_prometheus = optional(bool, true) }), {}) node_locations = optional(list(string)) release_channel = optional(string) service_account = optional(string) vpc_config = object({ subnetwork = string network = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = string services = string }), { pods = "pods", services = "services" }) }) node_config = optional(object({ boot_disk_kms_key = optional(string) })) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [deletion_protection](variables.tf#L102) | Prevent Terraform from destroying data resources. | <code>bool</code> | | <code>false</code> | |
|
||||
| [clusters](variables.tf#L17) | Clusters configuration. Refer to the gke-cluster module for type details. | <code title="map(object({ access_config = optional(object({ dns_access = optional(object({ allow_external_traffic = optional(bool, true) enable_k8s_tokens = optional(bool) enable_k8s_certs = optional(bool) }), {}) ip_access = optional(object({ authorized_ranges = optional(map(string), {}) disable_public_endpoint = optional(bool, true) gcp_public_cidrs_access_enabled = optional(bool, false) private_endpoint_config = optional(object({ endpoint_subnetwork = optional(string) global_access = optional(bool, true) }), {}) })) private_nodes = optional(bool, true) }), {}) cluster_autoscaling = optional(any) description = optional(string) enable_addons = optional(any, { horizontal_pod_autoscaling = true, http_load_balancing = true }) enable_features = optional(any, { shielded_nodes = true workload_identity = true }) fleet_config = optional(object({ register = optional(bool, true) configmanagement_template = optional(string) }), {}) issue_client_certificate = optional(bool, false) labels = optional(map(string)) location = string logging_config = optional(object({ enable_system_logs = optional(bool, true) enable_workloads_logs = optional(bool, true) enable_api_server_logs = optional(bool, false) enable_scheduler_logs = optional(bool, false) enable_controller_manager_logs = optional(bool, false) }), {}) maintenance_config = optional(any, { daily_window_start_time = "03:00" recurring_window = null maintenance_exclusion = [] }) max_pods_per_node = optional(number, 110) min_master_version = optional(string) monitoring_config = optional(object({ enable_system_metrics = optional(bool, true) enable_api_server_metrics = optional(bool, false) enable_controller_manager_metrics = optional(bool, false) enable_scheduler_metrics = optional(bool, false) enable_daemonset_metrics = optional(bool, false) enable_deployment_metrics = optional(bool, false) enable_hpa_metrics = optional(bool, false) enable_pod_metrics = optional(bool, false) enable_statefulset_metrics = optional(bool, false) enable_storage_metrics = optional(bool, false) enable_managed_prometheus = optional(bool, true) }), {}) node_locations = optional(list(string)) release_channel = optional(string) service_account = optional(string) vpc_config = object({ subnetwork = string network = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = string services = string }), { pods = "pods", services = "services" }) }) node_config = optional(object({ boot_disk_kms_key = optional(string) })) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [deletion_protection](variables.tf#L106) | Prevent Terraform from destroying data resources. | <code>bool</code> | | <code>false</code> | |
|
||||
| [fleet_config](variables-fleet.tf#L19) | Fleet configuration. | <code title="object({ enable_features = optional(object({ appdevexperience = optional(bool, false) configmanagement = optional(bool, false) identityservice = optional(bool, false) multiclusteringress = optional(string, null) multiclusterservicediscovery = optional(bool, false) servicemesh = optional(bool, false) }), {}) use_workload_identity = optional(bool, false) })">object({…})</code> | | <code>null</code> | |
|
||||
| [fleet_configmanagement_templates](variables-fleet.tf#L35) | Sets of fleet configurations that can be applied to member clusters, in config name => {options} format. | <code title="map(object({ binauthz = optional(bool) version = optional(string) config_sync = object({ git = optional(object({ sync_repo = string policy_dir = string gcp_service_account_email = optional(string) https_proxy = optional(string) secret_type = optional(string, "none") sync_branch = optional(string) sync_rev = optional(string) sync_wait_secs = optional(number) })) prevent_drift = optional(bool) source_format = optional(string, "hierarchy") }) hierarchy_controller = optional(object({ enable_hierarchical_resource_quota = optional(bool) enable_pod_tree_labels = optional(bool) })) policy_controller = object({ audit_interval_seconds = optional(number) exemptable_namespaces = optional(list(string)) log_denies_enabled = optional(bool) referential_rules_enabled = optional(bool) template_library_installed = optional(bool) }) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [folder_ids](variables-fast.tf#L44) | Folder name => id mappings. | <code>map(string)</code> | | <code>{}</code> | <code>0-org-setup</code> |
|
||||
| [host_project_ids](variables-fast.tf#L52) | Shared VPC host project name => id mappings. | <code>map(string)</code> | | <code>{}</code> | <code>2-networking</code> |
|
||||
| [iam](variables.tf#L109) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [iam_by_principals](variables.tf#L116) | Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the `iam` variable. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [nodepools](variables.tf#L123) | Nodepools configuration. Refer to the gke-nodepool module for type details. | <code title="map(map(object({ gke_version = optional(string) k8s_labels = optional(map(string), {}) max_pods_per_node = optional(number) name = optional(string) node_config = optional(any, { disk_type = "pd-balanced" shielded_instance_config = { enable_integrity_monitoring = true enable_secure_boot = true } }) node_count = optional(map(number), { initial = 1 }) node_locations = optional(list(string)) nodepool_config = optional(any) network_config = optional(object({ enable_private_nodes = optional(bool, true) pod_range = optional(object({ cidr = optional(string) create = optional(bool, false) name = optional(string) }), {}) additional_node_network_configs = optional(list(object({ network = string subnetwork = string })), []) additional_pod_network_configs = optional(list(object({ subnetwork = string secondary_pod_range = string max_pods_per_node = string })), []) })) reservation_affinity = optional(any) service_account = optional(any) sole_tenant_nodegroup = optional(string) tags = optional(list(string)) taints = optional(map(object({ value = string effect = string }))) })))">map(map(object({…})))</code> | | <code>{}</code> | |
|
||||
| [stage_config](variables.tf#L172) | FAST stage configuration used to find resource ids. Must match name defined for the stage in resource management. | <code title="object({ environment = string name = string })">object({…})</code> | | <code title="{ environment = "dev" name = "gke-dev" }">{…}</code> | |
|
||||
| [iam](variables.tf#L113) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [iam_by_principals](variables.tf#L120) | Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the `iam` variable. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [nodepools](variables.tf#L127) | Nodepools configuration. Refer to the gke-nodepool module for type details. | <code title="map(map(object({ gke_version = optional(string) k8s_labels = optional(map(string), {}) max_pods_per_node = optional(number) name = optional(string) node_config = optional(any, { disk_type = "pd-balanced" shielded_instance_config = { enable_integrity_monitoring = true enable_secure_boot = true } }) node_count = optional(map(number), { initial = 1 }) node_locations = optional(list(string)) nodepool_config = optional(any) network_config = optional(object({ enable_private_nodes = optional(bool, true) pod_range = optional(object({ cidr = optional(string) create = optional(bool, false) name = optional(string) }), {}) additional_node_network_configs = optional(list(object({ network = string subnetwork = string })), []) additional_pod_network_configs = optional(list(object({ subnetwork = string secondary_pod_range = string max_pods_per_node = string })), []) })) reservation_affinity = optional(any) service_account = optional(any) sole_tenant_nodegroup = optional(string) tags = optional(list(string)) taints = optional(map(object({ value = string effect = string }))) })))">map(map(object({…})))</code> | | <code>{}</code> | |
|
||||
| [stage_config](variables.tf#L176) | FAST stage configuration used to find resource ids. Must match name defined for the stage in resource management. | <code title="object({ environment = string name = string })">object({…})</code> | | <code title="{ environment = "dev" name = "gke-dev" }">{…}</code> | |
|
||||
| [subnet_self_links](variables-fast.tf#L70) | Subnet VPC name => { name => self link } mappings. | <code>map(map(string))</code> | | <code>{}</code> | <code>2-networking</code> |
|
||||
| [vpc_config](variables.tf#L184) | VPC-level configuration for project and clusters. | <code title="object({ host_project_id = string vpc_self_link = string })">object({…})</code> | | <code title="{ host_project_id = "dev-spoke-0" vpc_self_link = "dev-spoke-0" }">{…}</code> | |
|
||||
| [vpc_config](variables.tf#L188) | VPC-level configuration for project and clusters. | <code title="object({ host_project_id = string vpc_self_link = string })">object({…})</code> | | <code title="{ host_project_id = "dev-spoke-0" vpc_self_link = "dev-spoke-0" }">{…}</code> | |
|
||||
| [vpc_self_links](variables-fast.tf#L78) | Shared VPC name => self link mappings. | <code>map(string)</code> | | <code>{}</code> | <code>2-networking</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
@@ -18,7 +18,11 @@ variable "clusters" {
|
||||
description = "Clusters configuration. Refer to the gke-cluster module for type details."
|
||||
type = map(object({
|
||||
access_config = optional(object({
|
||||
dns_access = optional(bool, true)
|
||||
dns_access = optional(object({
|
||||
allow_external_traffic = optional(bool, true)
|
||||
enable_k8s_tokens = optional(bool)
|
||||
enable_k8s_certs = optional(bool)
|
||||
}), {})
|
||||
ip_access = optional(object({
|
||||
authorized_ranges = optional(map(string), {})
|
||||
disable_public_endpoint = optional(bool, true)
|
||||
|
||||
Reference in New Issue
Block a user