kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a0987e189d66bad3b6f4c863abb9d259120df891
hunfabric/modules/gke-hub/variables.tf
Julio Castillo 9b9ad76ced Update gke-hub module to use new Policy Controller API (#3332) 
* Update gke-hub to use new Policy Controller API

Fixes #3287

* Use same config format for servicemesh

* remove useless trys

* use ternaries as in the rest of the repo

* Update docs and fix tests

* Update variables

* Bump tofu version

* Bump terraform version 1.12
2025-10-13 09:47:39 +02:00

220 lines
7.8 KiB
HCL
Raw Blame History

/**
* Copyright 2025 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "clusters" {
description = "A map of GKE clusters to register with GKE Hub and their associated feature configurations. The key is a logical name for the cluster, and the value is an object describing the cluster and its features."
type = map(object({
id = string
configmanagement = optional(string)
policycontroller = optional(string)
servicemesh = optional(string)
workload_identity = optional(bool, false)
}))
default = {}
nullable = false
}
variable "configmanagement_templates" {
description = "Sets of config management configurations that can be applied to member clusters, in config name => {options} format."
type = map(object({
version = optional(string)
config_sync = object({
git = optional(object({
sync_repo = string
policy_dir = string
gcp_service_account_email = optional(string)
https_proxy = optional(string)
secret_type = optional(string, "none")
sync_branch = optional(string)
sync_rev = optional(string)
sync_wait_secs = optional(number)
}))
prevent_drift = optional(bool)
source_format = optional(string, "hierarchy")
})
hierarchy_controller = optional(object({
enable_hierarchical_resource_quota = optional(bool)
enable_pod_tree_labels = optional(bool)
}))
policy_controller = optional(any) # DEPRECATED: Use policycontroller_templates instead
}))
default = {}
nullable = false
validation {
condition = alltrue([
for k, v in var.configmanagement_templates : v.policy_controller == null
])
error_message = "The 'policy_controller' field in configmanagement_templates is deprecated. Please use the 'policycontroller_templates' variable instead to configure Policy Controller with its own API."
}
}
variable "features" {
description = "Enable and configure fleet features."
type = object({
appdevexperience = optional(bool, false)
configmanagement = optional(bool, false)
identityservice = optional(bool, false)
multiclusteringress = optional(string, null)
multiclusterservicediscovery = optional(bool, false)
policycontroller = optional(bool, false)
servicemesh = optional(bool, false)
})
default = {}
nullable = false
}
variable "fleet_default_member_config" {
description = "Fleet default member config."
type = object({
mesh = optional(object({
management = optional(string, "MANAGEMENT_AUTOMATIC")
}))
configmanagement = optional(object({
version = optional(string)
config_sync = optional(object({
prevent_drift = optional(bool)
source_format = optional(string, "hierarchy")
enabled = optional(bool)
git = optional(object({
gcp_service_account_email = optional(string)
https_proxy = optional(string)
policy_dir = optional(string)
secret_type = optional(string, "none")
sync_branch = optional(string)
sync_repo = optional(string)
sync_rev = optional(string)
sync_wait_secs = optional(number)
}))
}))
}))
policycontroller = optional(object({
version = optional(string)
policy_controller_hub_config = object({
audit_interval_seconds = optional(number)
constraint_violation_limit = optional(number)
exemptable_namespaces = optional(list(string))
install_spec = optional(string)
log_denies_enabled = optional(bool)
mutation_enabled = optional(bool)
referential_rules_enabled = optional(bool)
deployment_configs = optional(map(object({
container_resources = optional(object({
limits = optional(object({
cpu = optional(string)
memory = optional(string)
}))
requests = optional(object({
cpu = optional(string)
memory = optional(string)
}))
}))
pod_affinity = optional(string)
pod_toleration = optional(list(object({
key = optional(string)
operator = optional(string)
value = optional(string)
effect = optional(string)
})), [])
replica_count = optional(number)
})))
monitoring = optional(object({
backends = optional(list(string))
}))
policy_content = optional(object({
bundles = optional(map(object({
exempted_namespaces = optional(list(string))
})))
template_library = optional(object({
installation = optional(string)
}))
}))
})
}))
})
default = null
nullable = true
}
variable "location" {
description = "GKE hub location, will also be used for the membership location."
type = string
default = null
nullable = true
}
variable "policycontroller_templates" {
description = "Sets of Policy Controller configurations that can be applied to member clusters, in config name => {options} format."
type = map(object({
version = optional(string)
policy_controller_hub_config = object({
audit_interval_seconds = optional(number)
constraint_violation_limit = optional(number)
exemptable_namespaces = optional(list(string))
install_spec = optional(string)
log_denies_enabled = optional(bool)
mutation_enabled = optional(bool)
referential_rules_enabled = optional(bool)
deployment_configs = optional(map(object({
container_resources = optional(object({
limits = optional(object({
cpu = optional(string)
memory = optional(string)
}))
requests = optional(object({
cpu = optional(string)
memory = optional(string)
}))
}))
pod_affinity = optional(string)
pod_tolerations = optional(list(object({
key = optional(string)
operator = optional(string)
value = optional(string)
effect = optional(string)
})), [])
replica_count = optional(number)
})))
monitoring = optional(object({
backends = optional(list(string))
}))
policy_content = optional(object({
bundles = optional(map(object({
exempted_namespaces = optional(list(string))
})))
template_library = optional(object({
installation = optional(string)
}))
}))
})
}))
default = {}
nullable = false
}
variable "project_id" {
description = "GKE hub project ID."
type = string
}
variable "servicemesh_templates" {
description = "Sets of Service Mesh configurations that can be applied to member clusters, in config name => {options} format."
type = map(object({
management = optional(string, "MANAGEMENT_AUTOMATIC")
}))
default = {}
nullable = false
}
Reference in New Issue View Git Blame Copy Permalink