[#4006] Update oauth scopes for GCP (#4007)

airyhq · Dec 28, 2022 · 830b804 · 830b804
1 parent 1be3f16
commit 830b804
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 17 deletions.
diff --git a/infrastructure/terraform/modules/gcp-gke/main.tf b/infrastructure/terraform/modules/gcp-gke/main.tf
@@ -26,12 +26,7 @@ resource "google_container_node_pool" "gke_core_nodes" {
   node_config {
     preemptible  = false
     machine_type = var.gke_instance_type
-
-    oauth_scopes = [
-      "https://www.googleapis.com/auth/logging.write",
-      "https://www.googleapis.com/auth/monitoring",
-    ]
-
+    oauth_scopes = var.gke_oauth_scopes
     tags = ["gke-node", "${var.project_id}-gke"]
     metadata = {
       disable-legacy-endpoints = "true"
@@ -40,7 +35,6 @@ resource "google_container_node_pool" "gke_core_nodes" {
       env = var.project_id
     }
   }
-
   depends_on = [resource.google_container_cluster.gke_core]
 }
 
@@ -51,11 +45,9 @@ resource "null_resource" "kubeconfig_file" {
     cluster_name    = var.gke_name
     kubeconfig_path = var.kubeconfig_output_path
   }
-
   depends_on = [
     resource.google_container_cluster.gke_core
   ]
-
   provisioner "local-exec" {
     command = "KUBECONFIG=${self.triggers.kubeconfig_path} gcloud container clusters get-credentials ${self.triggers.cluster_name} --region ${self.triggers.region} --project ${self.triggers.project_id}"
   }

diff --git a/infrastructure/terraform/modules/gcp-gke/variables.tf b/infrastructure/terraform/modules/gcp-gke/variables.tf
@@ -1,11 +1,11 @@
 variable "project_id" {
-  default     = "airy-core"
   description = "The project defined in gcloud config is airy-core"
+  default     = "airy-core"
 }
 
 variable "region" {
-  default     = "us-central1"
   description = "The region defined in gcloud config is us-central1"
+  default     = "us-central1"
 }
 
 variable "gke_name" {
@@ -14,26 +14,35 @@ variable "gke_name" {
 }
 
 variable "gke_num_nodes" {
-  default     = 1
   description = "Number of gke nodes"
+  default     = 2
 }
 
 variable "gke_node_locations" {
-  default     = []
   description = "List of zones for the nodes in the node pool"
+  default     = []
 }
 
 variable "vpc_name" {
-  default     = "airy-core-vpc"
   description = "The name of the created VPC"
+  default     = "airy-core-vpc"
 }
 
 variable "kubeconfig_output_path" {
-  default     = "../kube.conf"
   description = "The location of the kubeconfig file"
+  default     = "../kube.conf"
 }
 
 variable "gke_instance_type" {
-  default     = "n1-standard-2"
   description = "The type of the instances in the node pool"
-}
+  default     = "n1-standard-2"
+}
+
+variable "gke_oauth_scopes" {
+  description = "The OAuth scopes used for the nodegroups in Kubernetes"
+  default = [
+    "https://www.googleapis.com/auth/logging.write",
+    "https://www.googleapis.com/auth/monitoring",
+    "https://www.googleapis.com/auth/cloud-platform"
+  ]
+}