kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ecdc248f3fcc98125537875c19098ebcdbd6aabd
hunfabric/modules/workstation-cluster
History
Julio Castillo 9b9ad76ced Update gke-hub module to use new Policy Controller API (#3332) 
* Update gke-hub to use new Policy Controller API

Fixes #3287

* Use same config format for servicemesh

* remove useless trys

* use ternaries as in the rest of the repo

* Update docs and fix tests

* Update variables

* Bump tofu version

* Bump terraform version 1.12
2025-10-13 09:47:39 +02:00
..
iam.tf
Minor fixes in workstations IAM (#2375)
2024-06-24 08:59:29 +02:00
main.tf
Support display_name for workstation configurations (#3251)
2025-07-28 13:00:20 +02:00
outputs.tf
Added workstation-cluster module
2023-11-30 07:02:28 +01:00
README.md
add support for max workstations, refactor timeouts in workstation-cluster module (#2911)
2025-02-19 09:45:38 +00:00
variables.tf
add support for max workstations, refactor timeouts in workstation-cluster module (#2911)
2025-02-19 09:45:38 +00:00
versions.tf
Update gke-hub module to use new Policy Controller API (#3332)
2025-10-13 09:47:39 +02:00
versions.tofu
Update gke-hub module to use new Policy Controller API (#3332)
2025-10-13 09:47:39 +02:00

README.md

Workstation cluster

This module allows to create a workstation cluster with associated workstation configs and workstations. In addition to this it allows to set up IAM bindings for the workstation configs and the workstations.

Simple example

Simple example showing how to create a cluster with publicly accessible workstations using the default base image.

module "workstation-cluster" {
  source     = "./fabric/modules/workstation-cluster"
  project_id = var.project_id
  id         = "my-workstation-cluster"
  location   = var.region
  network_config = {
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
  }
  workstation_configs = {
    my-workstation-config = {
      workstations = {
        my-workstation = {
          labels = {
            team = "my-team"
          }
        }
      }
    }
  }
}
# tftest modules=1 resources=3 inventory=simple.yaml

Private cluster

Example showing how to create a cluster with a privately accessible workstation using the default base image.

module "workstation-cluster" {
  source     = "./fabric/modules/workstation-cluster"
  project_id = var.project_id
  id         = "my-workstation-cluster"
  location   = var.region
  network_config = {
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
  }
  private_cluster_config = {
    enable_private_endpoint = true
  }
  workstation_configs = {
    my-workstation-config = {
      gce_instance = {
        disable_public_ip_addresses = true
      }
      workstations = {
        my-workstation = {
          labels = {
            team = "my-team"
          }
        }
      }
    }
  }
}
# tftest modules=1 resources=3 inventory=private-cluster.yaml

Custom image

Example showing how to create a cluster with publicly accessible workstation that run a custom image.

module "workstation-cluster" {
  source     = "./fabric/modules/workstation-cluster"
  project_id = var.project_id
  id         = "my-workstation-cluster"
  location   = var.region
  network_config = {
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
  }
  workstation_configs = {
    my-workstation-config = {
      container = {
        image = "repo/my-image:v10.0.0"
        args  = ["--arg1", "value1", "--arg2", "value2"]
        env = {
          VAR1 = "VALUE1"
          VAR2 = "VALUE2"
        }
        working_dir = "/my-dir"
      }
      workstations = {
        my-workstation = {
          labels = {
            team = "my-team"
          }
        }
      }
    }
  }
}
# tftest modules=1 resources=3 inventory=custom-image.yaml

IAM

Example showing how to grant IAM roles on the workstation configuration or workstation.

module "workstation-cluster" {
  source     = "./fabric/modules/workstation-cluster"
  project_id = var.project_id
  id         = "my-workstation-cluster"
  location   = var.region
  network_config = {
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
  }
  workstation_configs = {
    my-workstation-config = {
      workstations = {
        my-workstation = {
          labels = {
            team = "my-team"
          }
          iam = {
            "roles/workstations.user" = ["user:user1@my-org.com"]
          }
        }
      }
      iam = {
        "roles/viewer" = ["group:group1@my-org.com"]
      }
      iam_bindings = {
        workstations-config-viewer = {
          role    = "roles/viewer"
          members = ["group:group2@my-org.com"]
          condition = {
            title      = "limited-access"
            expression = "resource.name.startsWith('my-')"
          }
        }
      }
      iam_bindings_additive = {
        workstations-config-editor = {
          role   = "roles/editor"
          member = "group:group3@my-org.com"
          condition = {
            title      = "limited-access"
            expression = "resource.name.startsWith('my-')"
          }
        }
      }
    }
  }
}
# tftest modules=1 resources=7 inventory=iam.yaml

Variables

name description type required default
id Workstation cluster ID. string
location Location. string
network_config Network configuration. object({…})
project_id Cluster ID. string
workstation_configs Workstation configurations. map(object({…}))
annotations Workstation cluster annotations. map(string) {}
display_name Display name. string null
domain Domain. string null
labels Workstation cluster labels. map(string) {}
private_cluster_config Private cluster config. object({…}) {}

Outputs

name description sensitive
cluster_hostname Cluster hostname.
id Workstation cluster id.
service_attachment_uri Workstation service attachment URI.
workstation_configs Workstation configurations.
workstations Workstations.