Skip to content

Terraform example module for Google Cloud Platform Kubernetes Engine cluster.

License

Notifications You must be signed in to change notification settings

osinfra-io/terraform-google-kubernetes-engine

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Google Cloud Platform - Kubernetes Engine Terraform Module

GitHub Actions:

Terraform Tests Dependabot

Infracost:

infracost

πŸ’΅ Monthly estimates based on Infracost baseline costs.

Repository Description

Terraform example module for a Google Cloud Platform Kubernetes engine cluster.

Note

We do not recommend consuming this module like you might a public module. It is a baseline, something you can fork, potentially maintain, and modify to fit your organization's needs. Using public modules vs. writing your own has various drivers and trade-offs that your organization should evaluate.

πŸ”© Usage

Tip

You can check the tests/fixtures directory for example configurations. These fixtures set up the system for testing by providing all the necessary initial code, thus creating good examples on which to base your configurations.

Google project services must be enabled before using this module. As a best practice, these should be defined in the terraform-google-project module. The following services are required:

  • container.googleapis.com
  • cloudkms.googleapis.com
  • cloudresourcemanager.googleapis.com
  • gkehub.googleapis.com (Only needed if the project is a GKE Fleet host project)
  • multiclusteringress.googleapis.com (Only needed if the project is a GKE Fleet host project)
  • multiclusterservicediscovery.googleapis.com
  • trafficdirector.googleapis.com

Development

Our focus is on the core fundamental practice of platform engineering, Infrastructure as Code.

Open Source Infrastructure (as Code) is a development model for infrastructure that focuses on open collaboration and applying relative lessons learned from software development practices that organizations can use internally at scale. - Open Source Infrastructure (as Code)

To avoid slowing down stream-aligned teams, we want to open up the possibility for contributions. The Open Source Infrastructure (as Code) model allows team members external to the platform team to contribute with only a slight increase in cognitive load. This section is for developers who want to contribute to this repository, describing the tools used, the skills, and the knowledge required, along with Terraform documentation.

See the documentation for setting up a local development environment here.

πŸ› οΈ Tools

πŸ“‹ Skills and Knowledge

Links to documentation and other resources required to develop and iterate in this repository successfully.

πŸ” Tests

All tests are mocked allowing us to test the module without creating infrastructure or requiring credentials. The trade-offs are acceptable in favor of speed and simplicity. In a Terraform test, a mocked provider or resource will generate fake data for all computed attributes that would normally be provided by the underlying provider APIs.

terraform init
terraform test

πŸ““ Terraform Documentation

A child module automatically inherits default (un-aliased) provider configurations from its parent. The provider versions below are informational only and do not need to align with the provider configurations from its parent.

Requirements

No requirements.

Providers

Name Version
google 6.11.1
random 3.6.3

Modules

No modules.

Resources

Name Type
google_project_iam_member.container_deployer resource
google_project_iam_member.gke_hub_service_agent resource
google_project_iam_member.host_project_network_viewer resource
google_project_iam_member.multi_cluster_service_agent resource
google_project_iam_member.service_project_network_viewer resource
google_service_account.kubernetes_workload_identity resource
google_service_account_iam_member.workload_identity resource
random_id.this resource
google_project.fleet_host data source

Inputs

Name Description Type Default Required
gke_fleet_host_project_id The project ID of the GKE Hub host project string "" no
namespaces A map of namespaces with the Google service account used for the namespace administrator and whether Istio injection is enabled or disabled
map(object({
google_service_account = string
istio_injection = optional(string, "disabled")
}))
{} no
project The ID of the project in which the resource belongs string n/a yes

Outputs

Name Description
container_deployer_service_accounts The service accounts for the container deployer
gke_fleet_host_project_number The project number of the fleet host project
workload_identity_service_account_emails The email addresses of the service accounts for the Kubernetes namespace workload identity

πŸ““ Terraform Regional Documentation