/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "addons" {
  description = "Addons enabled in the cluster (true means enabled)."
  # Every attribute is required by the object type, so a caller overriding one
  # addon has to restate the whole object.
  type = object({
    cloudrun_config                       = bool
    config_connector_config               = bool
    dns_cache_config                      = bool
    gce_persistent_disk_csi_driver_config = bool
    gcp_filestore_csi_driver_config       = bool
    gke_backup_agent_config               = bool
    horizontal_pod_autoscaling            = bool
    http_load_balancing                   = bool
    istio_config = object({
      enabled = bool
      tls     = bool
    })
    kalm_config           = bool
    network_policy_config = bool
  })
  # Only horizontal pod autoscaling and HTTP load balancing are on by default.
  # network_policy_config is off here and enable_dataplane_v2 also defaults to
  # false, so these defaults request no NetworkPolicy enforcement -- confirm
  # against main.tf before relying on pod-to-pod isolation.
  default = {
    cloudrun_config                       = false
    config_connector_config               = false
    dns_cache_config                      = false
    gce_persistent_disk_csi_driver_config = false
    gcp_filestore_csi_driver_config       = false
    gke_backup_agent_config               = false
    horizontal_pod_autoscaling            = true
    http_load_balancing                   = true
    istio_config = {
      enabled = false
      tls     = false
    }
    kalm_config           = false
    network_policy_config = false
  }
}
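variable "authenticator_security_group" {
  # Google Groups for RBAC expects the group to be named
  # gke-security-groups@<your domain>; the description below spells out that
  # format instead of an unreadable placeholder.
  # Membership of this group feeds Kubernetes RBAC bindings, so whoever can
  # manage the group can influence cluster access -- restrict group ownership
  # accordingly.
  # null (the default) passes no group; how main.tf treats null is not visible
  # here.
  description = "RBAC security group for Google Groups for GKE, format is gke-security-groups@yourdomain.com."
  type        = string
  default     = null
}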
variable "cluster_autoscaling" {
  description = "Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler."
  type = object({
    enabled    = bool
    cpu_max    = number
    cpu_min    = number
    memory_max = number
    memory_min = number
  })
  # Disabled by default; the zeroed limits are placeholders that only matter
  # once enabled is set to true. Units are not stated in this file.
  default = {
    enabled    = false
    cpu_max    = 0
    cpu_min    = 0
    memory_max = 0
    memory_min = 0
  }
}
variable "database_encryption" {
  description = "Enable and configure GKE application-layer secrets encryption."
  type = object({
    enabled  = bool
    key_name = string
    state    = string
  })
  # Defaults leave application-layer secrets encryption off
  # (enabled = false, state = "DECRYPTED", no key).
  # key_name is presumably the Cloud KMS key used when state is "ENCRYPTED" --
  # confirm against main.tf. Callers storing sensitive Kubernetes Secrets
  # should override all three fields together.
  default = {
    enabled  = false
    key_name = null
    state    = "DECRYPTED"
  }
}
variable "default_max_pods_per_node" {
  # Per the enable_autopilot description, this setting is not supported in
  # autopilot mode.
  description = "Maximum number of pods per node in this cluster."
  type        = number
  default     = 110
}
variable "description" {
  # Optional free-text description; null by default.
  description = "Cluster description."
  type        = string
  default     = null
}
variable "dns_config" {
  description = "Configuration for Using Cloud DNS for GKE."
  # All three attributes must be supplied when the object is set; the default
  # null passes no Cloud DNS configuration.
  type = object({
    cluster_dns        = string
    cluster_dns_domain = string
    cluster_dns_scope  = string
  })
  default = null
}
variable "enable_autopilot" {
  # Standard (non-autopilot) mode is the default.
  description = "Create cluster in autopilot mode. With autopilot there's no need to create node-pools and some features are not supported (e.g. setting default_max_pods_per_node)."
  type        = bool
  default     = false
}
variable "enable_binary_authorization" {
  # Off by default: environments that depend on Binary Authorization for
  # deploy-time image admission control must set this to true explicitly.
  description = "Enable Google Binary Authorization."
  type        = bool
  default     = false
}
variable "enable_dataplane_v2" {
  # Per the description, enabling this turns off the network_policy addon
  # config. The interaction itself lives outside this file.
  description = "Enable Dataplane V2 on the cluster, will disable network_policy addons config."
  type        = bool
  default     = false
}
variable "enable_intranode_visibility" {
  # null leaves the setting unspecified by this module. Set it to true where
  # same-node pod-to-pod traffic must be visible to network monitoring.
  description = "Enable intra-node visibility to make same node pod to pod traffic visible."
  type        = bool
  default     = null
}
variable "enable_l4_ilb_subsetting" {
  # null by default, i.e. not specified by this module.
  description = "Enable L4ILB Subsetting."
  type        = bool
  default     = null
}
variable "enable_shielded_nodes" {
  # The default is null, not true: whether nodes end up shielded then depends
  # on how main.tf and the provider treat an unset value (not visible here).
  # Set true explicitly where Shielded Nodes are a requirement.
  description = "Enable Shielded Nodes features on all nodes in this cluster."
  type        = bool
  default     = null
}
variable "enable_tpu" {
  # null by default, i.e. not specified by this module.
  description = "Enable Cloud TPU resources in this cluster."
  type        = bool
  default     = null
}
variable "labels" {
  # Optional string-to-string label map; null by default.
  description = "Cluster resource labels."
  type        = map(string)
  default     = null
}
variable "location" {
  # Required: no default is declared.
  description = "Cluster zone or region."
  type        = string
}
variable "logging_config" {
  # List of component names; null by default. Accepted values are not
  # enumerated in this file.
  description = "Logging configuration (enabled components)."
  type        = list(string)
  default     = null
}
variable "logging_service" {
  # Cloud Logging for Kubernetes is the default. Per the description an empty
  # string disables it; doing so removes the cluster logs that detection and
  # incident response normally depend on, so treat that override as an
  # exception worth reviewing.
  description = "Logging service (disable with an empty string)."
  type        = string
  default     = "logging.googleapis.com/kubernetes"
}
variable "maintenance_config" {
  description = "Maintenance window configuration."
  type = object({
    daily_maintenance_window = object({
      start_time = string
    })
    maintenance_exclusion = list(object({
      end_time       = string
      exclusion_name = string
      start_time     = string
    }))
    recurring_window = object({
      end_time   = string
      recurrence = string
      start_time = string
    })
  })
  # Default: a daily window starting at "03:00", no recurring window and no
  # exclusions. The time zone of start_time is not stated here (presumably
  # GMT, as GKE documents for daily windows -- confirm).
  default = {
    daily_maintenance_window = {
      start_time = "03:00"
    }
    maintenance_exclusion = []
    recurring_window      = null
  }
}
variable "master_authorized_ranges" {
  # map(string); presumably display name => CIDR -- confirm against main.tf.
  # The default is an empty map, so this module contributes no ranges unless
  # the caller supplies them. What the control plane accepts in that case
  # depends on how main.tf builds the authorized-networks block, which is not
  # visible here. Keep entries as narrow as possible and review any broad
  # range, since these addresses reach the cluster API over HTTPS.
  description = "External Ip address ranges that can access the Kubernetes cluster master through HTTPS."
  type        = map(string)
  default     = {}
}
variable "min_master_version" {
  # null by default; per the description the most recent official release is
  # then used.
  description = "Minimum version of the master, defaults to the version of the most recent official release."
  type        = string
  default     = null
}
variable "monitoring_config" {
  # List of component names; null by default. Accepted values are not
  # enumerated in this file.
  description = "Monitoring configuration (enabled components)."
  type        = list(string)
  default     = null
}
variable "monitoring_service" {
  # Cloud Monitoring for Kubernetes is the default; per the description an
  # empty string disables it.
  description = "Monitoring service (disable with an empty string)."
  type        = string
  default     = "monitoring.googleapis.com/kubernetes"
}
variable "name" {
  # Required: no default is declared.
  description = "Cluster name."
  type        = string
}
variable "network" {
  # Required: no default is declared.
  description = "Name or self link of the VPC used for the cluster. Use the self link for Shared VPC."
  type        = string
}
variable "node_locations" {
  # Empty list by default, i.e. no explicit node zones are passed.
  description = "Zones in which the cluster's nodes are located."
  type        = list(string)
  default     = []
}
variable "notification_config" {
  # Boolean switch only; the Pub/Sub topic is not configured through this
  # variable. Off by default.
  description = "GKE Cluster upgrade notifications via PubSub."
  type        = bool
  default     = false
}
variable "peering_config" {
  description = "Configure peering with the master VPC for private clusters."
  # null by default, so no peering settings are changed. Exporting or
  # importing routes widens what can route across the control-plane peering,
  # so enable each direction only where it is needed.
  type = object({
    export_routes = bool
    import_routes = bool
    project_id    = string
  })
  default = null
}
variable "pod_security_policy" {
  # PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25.
  # On newer clusters use Pod Security Admission or a policy controller rather
  # than this switch. null by default.
  description = "Enable the PodSecurityPolicy feature."
  type        = bool
  default     = null
}
variable "private_cluster_config" {
  description = "Enable and configure private cluster, private nodes must be true if used."
  # null by default: unless the caller sets this object, no private-cluster
  # settings are passed, so private nodes and a private control-plane endpoint
  # are an explicit opt-in.
  # enable_private_endpoint decides whether the control plane is reachable
  # only on its internal address; pair a public endpoint with tight
  # master_authorized_ranges.
  type = object({
    enable_private_endpoint = bool
    enable_private_nodes    = bool
    master_global_access    = bool
    master_ipv4_cidr_block  = string
  })
  default = null
}
variable "project_id" {
  # Required: no default is declared.
  description = "Cluster project id."
  type        = string
}
variable "release_channel" {
  # null by default; accepted channel names are not enumerated in this file.
  # Enrolling in a channel affects how quickly security patches reach the
  # cluster, so choose it deliberately.
  description = "Release channel for GKE upgrades."
  type        = string
  default     = null
}
variable "resource_usage_export_config" {
  description = "Configure the ResourceUsageExportConfig feature."
  type = object({
    dataset = string
    enabled = bool
  })
  # The default is an object whose fields are both null, not a null object.
  # dataset is presumably a BigQuery dataset id -- confirm against main.tf.
  default = {
    dataset = null
    enabled = null
  }
}
variable "secondary_range_pods" {
  # Required: no default is declared. Takes the range name, not a CIDR.
  description = "Subnet secondary range name used for pods."
  type        = string
}
variable "secondary_range_services" {
  # Required: no default is declared. Takes the range name, not a CIDR.
  description = "Subnet secondary range name used for services."
  type        = string
}
variable "subnetwork" {
  # Required: no default is declared.
  description = "VPC subnetwork name or self link."
  type        = string
}
variable "vertical_pod_autoscaling" {
  # null by default, i.e. not specified by this module.
  description = "Enable the Vertical Pod Autoscaling feature."
  type        = bool
  default     = null
}
variable "workload_identity" {
  # On by default. Without Workload Identity, pods generally fall back to the
  # node's service account credentials, so disabling this widens what a
  # compromised pod can reach. Review any override to false.
  description = "Enable the Workload Identity feature."
  type        = bool
  default     = true
}