
Terraform module to simplify the deployment of GKE clusters allowing users to quickly create and manage a production-grade Kubernetes cluster on GCP.


GCP GKE Terraform module


SquareOps Technologies: your DevOps partner for accelerating the cloud journey.


This module simplifies the deployment of GKE clusters, letting you create and manage a production-grade Kubernetes cluster on GCP from a single module call. It is highly configurable: the Kubernetes version, worker node machine type and node counts, private-cluster and control-plane access settings, application-layer secrets encryption and node OAuth scopes are all inputs. It also exposes outputs (cluster endpoint, CA certificate, bearer token, node service account) that other resources, such as the kubernetes provider or a generated kubeconfig, can consume.

This module is ideal for users who want to deploy a GKE cluster on GCP quickly, without manual setup and configuration, and who want to adopt best practices for security and scalability. Note that several security-relevant inputs default to the permissive setting (public control-plane endpoint, no authorized networks, network policy disabled, secrets not encrypted with a Cloud KMS key), so review the Inputs section before using the module for production.

Usage Example

module "gke" {
  source                   = "squareops/kubernetes-engine/google"
  project_name             = var.project_name # the root module input is project_name (see Inputs)
  cluster_name             = "gke-cluster"
  region                   = "asia-south1"
  environment              = "dev"
  zones                    = ["asia-south1-a", "asia-south1-b", "asia-south1-c"]
  vpc_name                 = "dev-vpc"
  subnet                   = "dev-subnet-1"
  kubernetes_version       = "1.25"
  default_np_instance_type = "e2-medium"
  default_np_locations     = "asia-south1-a,asia-south1-b" # comma-separated string, not a list
  default_np_max_count     = 5
  default_np_preemptible   = true # acceptable for dev; set false for production workloads
}

module "node_pool" {
  source             = "squareops/kubernetes-engine/google//modules/node-pool"
  depends_on         = [module.gke]
  project            = var.project_name
  cluster_name       = module.gke.cluster_name # the root module output is cluster_name, not name
  name               = "app"
  environment        = "dev"
  location           = "asia-south1"
  kubernetes_version = "1.25"
  service_account    = module.gke.service_accounts_gke # node service account created by the root module
  initial_node_count = 1
  min_count          = 1
  max_count          = 5
  node_locations     = ["asia-south1-a", "asia-south1-b", "asia-south1-c"]
  preemptible        = true
  instance_type      = "e2-medium"
  disk_size_gb       = 50
  labels = {
    "App-services" = "true" # Kubernetes node labels; values must be strings
  }
}

Refer to the examples directory in the repository for more details.

Important Note

To avoid terraform destroy failing part-way, delete any resources that were created outside Terraform and attached to the resources this module provisions (for example, load balancers or persistent disks created by Kubernetes controllers on behalf of Services and PersistentVolumeClaims) before destroying the module.

Configure a Service Account

  1. Log in to the GCP console, go to IAM & Admin > Service Accounts, and create the service account Terraform will authenticate as.

  2. Grant it the roles listed in IAM.md, and nothing more: the key created below carries every role the account holds.

  3. Configure the credentials in your terminal:

     gcloud auth activate-service-account SA-NAME --key-file=KEY.JSON
     export GOOGLE_APPLICATION_CREDENTIALS="/path/to/KEY.JSON"
     gcloud config set project <project-name>

     GOOGLE_APPLICATION_CREDENTIALS only applies to the current shell, so export it again in every new session before running Terraform. Treat KEY.JSON as a secret: keep it out of the repository, restrict its file permissions to your user, and rotate or delete the key when it is no longer needed.
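
A root-module provider block that matches step 3, added here as an example; it is not part of the module or its examples directory. With GOOGLE_APPLICATION_CREDENTIALS exported, the google provider picks the key file up as Application Default Credentials, so no credentials argument is needed. The commented-out impersonate_service_account line is the keyless alternative: authenticate as yourself with gcloud auth application-default login and let the provider mint short-lived tokens for the Terraform service account, which avoids downloading KEY.JSON at all. var.project_name, var.region and the service-account email are assumed names.

```hcl
# Added example: root-module provider configuration for this module.
# Assumptions: var.project_name and var.region are declared here, and
# GOOGLE_APPLICATION_CREDENTIALS points at KEY.JSON from step 3.
variable "project_name" {
  type = string
}

variable "region" {
  type    = string
  default = "asia-south1"
}

provider "google" {
  project = var.project_name
  region  = var.region
  # No credentials argument: the provider reads Application Default Credentials,
  # i.e. the key file named by GOOGLE_APPLICATION_CREDENTIALS.

  # Keyless alternative (assumed service-account email; your own user needs
  # roles/iam.serviceAccountTokenCreator on that account). Run
  # `gcloud auth application-default login` instead of activating a key file,
  # then uncomment the line below.
  # impersonate_service_account = "terraform@${var.project_name}.iam.gserviceaccount.com"
}
```

With impersonation there is no long-lived key to leak or rotate; the tokens the provider obtains expire after an hour and every API call is attributed to both your user and the impersonated account in Cloud Audit Logs.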

Requirements

| Name | Version |
|------|---------|
| terraform | >=0.13 |
| google | >= 4.51.0, < 5.0, !=4.65.0, !=4.65.1 |
| kubernetes | ~> 2.10 |
| random | >= 2.1 |

Providers

| Name | Version |
|------|---------|
| google | >= 4.51.0, < 5.0, !=4.65.0, !=4.65.1 |

Modules

| Name | Source | Version |
|------|--------|---------|
| gke | terraform-google-modules/kubernetes-engine/google//modules/private-cluster | 27.0.0 |
| service_accounts_gke | terraform-google-modules/service-accounts/google | ~> 3.0 |

Resources

| Name | Type |
|------|------|
| google_client_config.default | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| cluster_name | The name of the GKE cluster. | string | "" | no |
| cluster_resource_labels | GCE resource labels (a map of key/value pairs) applied to the cluster. | map(string) | {} | no |
| database_encryption | Application-layer secrets encryption settings, as a list with one {state, key_name} object. Valid values of state are "ENCRYPTED" and "DECRYPTED"; key_name is the resource name of a Cloud KMS key. | list(object({ state = string, key_name = string })) | [{ "key_name": "", "state": "DECRYPTED" }] | no |
| default_np_disk_size_gb | Disk size (in GB) for the default node pool. | number | 50 | no |
| default_np_initial_node_count | Initial number of nodes for the default node pool. | number | 1 | no |
| default_np_instance_type | Machine type for the default node pool. | string | "e2-medium" | no |
| default_np_locations | Zones for the default node pool, as a comma-separated string. | string | "asia-south1-a" | no |
| default_np_max_count | Maximum number of nodes for the default node pool. | number | 3 | no |
| default_np_min_count | Minimum number of nodes for the default node pool. | number | 1 | no |
| default_np_name | Name of the default node pool. | string | "default" | no |
| default_np_preemptible | Use preemptible instances for the default node pool. | bool | true | no |
| disk_type | Disk type for the default node pool. | string | "pd-standard" | no |
| enable_private_endpoint | Whether the control plane is reachable only through its private endpoint (no public API server address). | bool | false | no |
| enable_private_nodes | Whether nodes receive only private IP addresses. | bool | true | no |
| enable_secure_boot | Enable Shielded VM secure boot for the default node pool. | bool | false | no |
| environment | The environment the resources are deployed in. | string | "" | no |
| gke_backup_agent_config | Whether the Backup for GKE agent is enabled for this cluster. | bool | false | no |
| ip_range_pods_name | Name of the subnet's secondary IP range used for pods. | string | "" | no |
| ip_range_services_name | Name of the subnet's secondary IP range used for services. | string | "" | no |
| kubernetes_version | The desired Kubernetes version for the GKE cluster. | string | "1.25" | no |
| logging_enabled_components | Components whose logs are collected: SYSTEM_COMPONENTS, WORKLOADS. An empty list keeps the GKE default configuration. | list(string) | [] | no |
| logging_service | The logging service the cluster writes logs to: logging.googleapis.com, logging.googleapis.com/kubernetes (beta), or none. | string | "logging.googleapis.com/kubernetes" | no |
| master_authorized_networks | Networks authorized to reach the GKE control plane. | string | "" | no |
| master_global_access_enabled | Whether the private control-plane endpoint is reachable from any region (true) or only from the cluster's own region (false). | bool | true | no |
| master_ipv4_cidr_block | (Beta) The IP range in CIDR notation used for the hosted control-plane network. | string | "10.0.0.0/28" | no |
| monitoring_enabled_components | Components to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). An empty list keeps the GKE default configuration. | list(string) | [] | no |
| monitoring_service | The monitoring service the cluster writes metrics to; pod metrics are sent to the Cloud Monitoring API automatically, while VM metrics are collected by Compute Engine regardless of this setting. Options: monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta), or none. | string | "monitoring.googleapis.com/kubernetes" | no |
| network_policy | Enable the network policy addon (without it, NetworkPolicy objects are not enforced). | bool | false | no |
| network_policy_provider | The network policy provider. | string | "CALICO" | no |
| node_pools_oauth_scopes | Map of OAuth scope lists keyed by node-pool name. | map(list(string)) | { "all": [ "https://www.googleapis.com/auth/devstorage.read_only", "https://www.googleapis.com/auth/ndev.clouddns.readwrite", "https://www.googleapis.com/auth/service.management.readonly", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/monitoring", "https://www.googleapis.com/auth/servicecontrol", "https://www.googleapis.com/auth/trace.append", "https://www.googleapis.com/auth/devstorage.read_only", "https://www.googleapis.com/auth/cloud-platform" ] } | no |
| project_name | The ID or project number of the Google Cloud project. | string | "" | no |
| region | The region to host the cluster in (required for a regional cluster, optional for a zonal one). | string | null | no |
| regional | Whether the cluster is regional (false creates a zonal cluster). WARNING: changing this after creation destroys and recreates the cluster. | bool | true | no |
| release_channel | The release channel of the cluster: UNSPECIFIED, RAPID, REGULAR or STABLE. | string | "STABLE" | no |
| remove_default_node_pool | Remove the default node pool. | bool | true | no |
| subnet | The name of the subnet within the VPC network for the GKE cluster. | string | "" | no |
| vpc_name | The name of the VPC network where the GKE cluster will be created. | string | "" | no |
| zones | The zones to host the cluster in (required for a zonal cluster, optional for a regional one). | list(string) | [] | no |
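
Several defaults in the table above favour convenience over security: the API server gets a public endpoint with no authorized networks, network policy is off, secrets are not wrapped with a Cloud KMS key, secure boot is off, and the node OAuth scopes include cloud-platform. The following block, an added example rather than configuration from the module's examples directory, sets each of those inputs (and the usage example's dev-oriented choices such as preemptible nodes) to the value a production cluster should use, with the module default noted on each line. Assumed names: var.project_name, the Cloud KMS key, the secondary range names and the 10.20.0.0/24 admin CIDR. The format of master_authorized_networks is not documented on this page beyond its string type, so the single CIDR shown is an assumption to check against the module's variables.tf.

```hcl
# Added example (not from the module's examples): security-relevant inputs of this
# module set for a production cluster. Assumptions: var.project_name is declared in
# the root module, the KMS key and the 10.20.0.0/24 admin subnet exist, and
# master_authorized_networks accepts a CIDR string.
module "gke" {
  source       = "squareops/kubernetes-engine/google"
  project_name = var.project_name
  cluster_name = "gke-prod"
  environment  = "prod"
  region       = "asia-south1"
  regional     = true # default true; flipping it later destroys and recreates the cluster
  zones        = ["asia-south1-a", "asia-south1-b", "asia-south1-c"]
  vpc_name     = "prod-vpc"
  subnet       = "prod-subnet-1"

  # Secondary ranges for a VPC-native cluster (defaults are "").
  ip_range_pods_name     = "prod-pods"
  ip_range_services_name = "prod-services"

  # Control-plane exposure.
  enable_private_nodes         = true           # default true: nodes have no public IPs
  enable_private_endpoint      = true           # default false: no public API server address
  master_global_access_enabled = false          # default true: private endpoint reachable only from this region
  master_authorized_networks   = "10.20.0.0/24" # default "": assumed CIDR of the bastion/CI subnet Terraform runs from
  master_ipv4_cidr_block       = "10.0.0.0/28"  # default; must not overlap the VPC or any peered range

  # Secrets at rest: Kubernetes Secrets in etcd are wrapped with a customer-managed key.
  # The key must be in the cluster's location, and the GKE service agent
  # (service-<PROJECT_NUMBER>@container-engine-robot.iam.gserviceaccount.com) needs
  # roles/cloudkms.cryptoKeyEncrypterDecrypter on it before the cluster is created.
  database_encryption = [{
    state    = "ENCRYPTED" # default "DECRYPTED"
    key_name = "projects/${var.project_name}/locations/asia-south1/keyRings/gke-prod/cryptoKeys/etcd" # placeholder key
  }]

  # Node integrity and pod isolation.
  enable_secure_boot      = true # default false: Shielded VM secure boot on the default node pool
  network_policy          = true # default false: NetworkPolicy objects are otherwise silently ignored
  network_policy_provider = "CALICO"

  # Node OAuth scopes. The default "all" list includes cloud-platform, which lets any
  # pod that can reach the metadata server use the node service account against every
  # API the account holds IAM roles for. Keep only what GKE's own agents need.
  node_pools_oauth_scopes = {
    all = [
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
      "https://www.googleapis.com/auth/servicecontrol",
      "https://www.googleapis.com/auth/service.management.readonly",
      "https://www.googleapis.com/auth/trace.append",
    ]
  }

  # Lifecycle and observability.
  release_channel               = "STABLE"
  logging_enabled_components    = ["SYSTEM_COMPONENTS", "WORKLOADS"] # default [] keeps the GKE default set
  monitoring_enabled_components = ["SYSTEM_COMPONENTS"]
  gke_backup_agent_config       = true  # default false
  default_np_preemptible        = false # default true: preemptible nodes belong in dev/test only
  cluster_resource_labels = {
    environment = "prod"
    managed_by  = "terraform"
  }
}
```

With enable_private_endpoint set to true the API server has no public address, so terraform apply, the kubernetes provider and kubectl must all run from inside the VPC (a bastion, VPN or CI runner) on an address covered by master_authorized_networks; addresses in the cluster's own subnet are always allowed. Restricting the node scopes is defence in depth, not a substitute for a least-privilege node service account: the scopes bound the OAuth token, the IAM roles on the account bound what it can actually do.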

Outputs

| Name | Description |
|------|-------------|
| ca_certificate | The cluster CA certificate (base64 encoded) |
| client_token | Bearer token for authenticating to the cluster API (the access token of the identity Terraform runs as, from data source google_client_config.default) |
| cluster_name | Cluster name |
| cluster_region | The region where the GKE cluster is located |
| kubernetes_endpoint | The cluster API endpoint |
| peering_name | The name of the VPC peering between this cluster's network and the Google-owned control-plane VPC |
| service_account | The default service account used for running nodes |
| service_accounts_gke | The service account the module creates for nodes; pass it to the node-pool submodule as service_account |
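
The ca_certificate, client_token and kubernetes_endpoint outputs are exactly what the kubernetes provider (listed under Requirements) needs. The block below, an added example and not the module's own code, wires them together and shows the two things to get right: the endpoint needs an explicit https:// prefix (assuming kubernetes_endpoint is the bare address the upstream GKE module emits), and client_token is a short-lived bearer token for the identity that ran Terraform, so it must never be written into a kubeconfig that is committed to the repository. The kubernetes_namespace resource and the gke_client_token output are illustrative.

```hcl
# Added example (not from the module): configuring the kubernetes provider from the
# module outputs. Assumes module "gke" is declared as in the usage example and that
# kubernetes_endpoint is a bare host address, hence the https:// prefix.
provider "kubernetes" {
  host                   = "https://${module.gke.kubernetes_endpoint}"
  token                  = module.gke.client_token
  cluster_ca_certificate = base64decode(module.gke.ca_certificate)
}

# A small resource so the provider wiring is exercised on the first apply.
resource "kubernetes_namespace" "app" {
  metadata {
    name = "app"
    labels = {
      environment = "dev"
    }
  }
}

# client_token is a short-lived bearer token for the identity that ran Terraform.
# If a parent module needs it, re-export it as sensitive so it is redacted from plan
# and apply output; it is still written to state, so restrict access to the backend.
output "gke_client_token" {
  value     = module.gke.client_token
  sensitive = true
}
```

Because this provider is configured from outputs of a resource in the same configuration, keep the cluster and the Kubernetes objects in separate applies (or separate root modules) where you can: on a terraform destroy of the whole stack, the provider is being configured from a cluster that is itself being deleted, and the destroy can fail half-way. With enable_private_endpoint set to true, the endpoint is a private IP and Terraform must run from inside the VPC or over a VPN.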

Contribute & Issue Report

To report an issue with a project:

  1. Check the repository's issue tracker on GitHub
  2. Search to check if the issue has already been reported
  3. If you can't find an answer to your question in the documentation or issue tracker, you can ask a question by creating a new issue. Make sure to provide enough context and details.

License

Apache License, Version 2.0, January 2004 (https://www.apache.org/licenses/LICENSE-2.0)

Support Us

To support our GitHub project by starring it, follow these steps:

  1. Visit the repository: Navigate to the GitHub repository

  2. Click the "Star" button: On the repository page, you'll see a "Star" button in the upper right corner. Clicking on it will star the repository, indicating your support for the project.

  3. Optionally, you can also leave a comment on the repository or open an issue to give feedback or suggest changes.

Starring a repository on GitHub is a simple way to show your support and appreciation for the project. It also increases the visibility of the project and makes it more discoverable to others.

Who we are

We believe that the key to success in the digital age is the ability to deliver value quickly and reliably. That's why we offer a comprehensive range of DevOps and cloud services designed to help your organization optimize its systems and processes for speed and agility.

  1. We are an AWS Advanced Consulting Partner, reflecting our deep expertise in AWS Cloud and our work with 100+ clients over the last 5 years.
  2. Expertise in Kubernetes and container solutions that helps companies expedite their journey by 10X.
  3. Infrastructure automation is a key component of our clients' success, and our expertise helps deliver it in the shortest time.
  4. DevSecOps as a service, implementing security within the overall DevOps process and helping companies deploy securely and at speed.
  5. Platform engineering that supports scalable, cost-efficient infrastructure for rapid development, testing, and deployment.
  6. 24x7 SRE service to monitor the state of your infrastructure and resolve any issue within the SLA.

We provide support on all of our projects, no matter how small or large they may be.

To find more information about our company, visit squareops.com, follow us on LinkedIn, or fill out a job application. If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to contact us.