Google Git
Sign in
apache / incubator-datalab / 2f86cf597bc21deb871eef1ca10d8deb7620594a / . / infrastructure-provisioning / terraform / gcp / ssn-gke / main / modules / gke / gke.tf
blob: 21bdf0a35a842161a11924bb000137f5f1a96654 [file] [log] [blame]
# *****************************************************************************
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# ******************************************************************************
locals {
additional_tag = split(":", var.additional_tag)
gke_name = "${var.service_base_name}-k8s-cluster"
gke_node_pool_name = "${var.service_base_name}-node-pool"
}
resource "random_string" "ssn_keystore_password" {
length = 16
special = false
}
resource "random_string" "endpoint_keystore_password" {
length = 16
special = false
}
resource "google_container_cluster" "ssn_k8s_gke_cluster" {
name = local.gke_name
location = var.region
remove_default_node_pool = true
initial_node_count = 1
min_master_version = var.gke_cluster_version
network = data.google_compute_network.ssn_gke_vpc_data.self_link
subnetwork = data.google_compute_subnetwork.ssn_gke_subnet_data.self_link
enable_legacy_abac = true
resource_labels = {
name = local.gke_name
"${local.additional_tag[0]}" = local.additional_tag[1]
"${var.service_base_name}-tag" = local.gke_name
}
master_auth {
username = ""
password = ""
client_certificate_config {
issue_client_certificate = true
}
}
depends_on = [google_project_iam_member.iam, google_service_account.ssn_k8s_sa,
google_service_account_key.nodes_sa_key]
}
resource "google_container_node_pool" "ssn_k8s_gke_node_pool" {
name = local.gke_node_pool_name
location = var.region
cluster = google_container_cluster.ssn_k8s_gke_cluster.name
node_count = var.ssn_k8s_workers_count
version = var.gke_cluster_version
depends_on = [google_container_cluster.ssn_k8s_gke_cluster]
node_config {
machine_type = var.ssn_k8s_workers_shape
service_account = google_service_account.ssn_k8s_sa.email
labels = {
name = local.gke_node_pool_name
"${local.additional_tag[0]}" = local.additional_tag[1]
"${var.service_base_name}-tag" = local.gke_node_pool_name
}
metadata = {
disable-legacy-endpoints = "true"
}
oauth_scopes = [
"https://www.googleapis.com/auth/compute",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring",
]
}
}
data "google_container_cluster" "ssn_k8s_gke_cluster" {
name = local.gke_name
location = var.region
depends_on = [google_container_cluster.ssn_k8s_gke_cluster, google_container_node_pool.ssn_k8s_gke_node_pool]
}
data "google_client_config" "current" {}