# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# These parameters must be supplied when consuming this module.
# ---------------------------------------------------------------------------------------------------------------------
variable "project" {
  # Required: GCP project ID that will own the cluster.
  type        = string
  description = "The project ID to host the cluster in"
}

variable "location" {
  # Required: region or zone the cluster is created in.
  type        = string
  description = "The location (region or zone) to host the cluster in"
}

variable "name" {
  # Required: name given to the cluster.
  type        = string
  description = "The name of the cluster"
}

variable "network" {
  # Required: self link of the VPC the cluster is placed in.
  type        = string
  description = "A reference (self link) to the VPC network to host the cluster in"
}

variable "subnetwork" {
  # Required: self link of the subnetwork the cluster is placed in.
  type        = string
  description = "A reference (self link) to the subnetwork to host the cluster in"
}

variable "cluster_secondary_range_name" {
  # Required: secondary range on the subnetwork above that the cluster uses.
  type        = string
  description = "The name of the secondary range within the subnetwork for the cluster to use"
}
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# Generally, these values won't need to be changed.
# ---------------------------------------------------------------------------------------------------------------------
variable "description" {
  # Free-form cluster description; empty by default.
  type        = string
  default     = ""
  description = "The description of the cluster"
}

variable "kubernetes_version" {
  # "latest" resolves to the newest version available in the selected region.
  type        = string
  default     = "latest"
  description = "The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region."
}

variable "logging_service" {
  # Defaults to the Kubernetes-native logging backend rather than the legacy one.
  type        = string
  default     = "logging.googleapis.com/kubernetes"
  description = "The logging service that the cluster should write logs to. Available options include logging.googleapis.com/kubernetes, logging.googleapis.com (legacy), and none"
}

variable "monitoring_service" {
  # Defaults to the Kubernetes-native monitoring backend rather than the legacy one.
  type        = string
  default     = "monitoring.googleapis.com/kubernetes"
  description = "The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Stackdriver Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com/kubernetes, monitoring.googleapis.com (legacy), and none"
}

variable "horizontal_pod_autoscaling" {
  # Addon flag, on by default.
  type        = bool
  default     = true
  description = "Whether to enable the horizontal pod autoscaling addon"
}

variable "http_load_balancing" {
  # Addon flag, on by default.
  type        = bool
  default     = true
  description = "Whether to enable the http (L7) load balancing addon"
}

variable "enable_private_nodes" {
  # Off by default: nodes keep public addresses. Set to true to give nodes
  # RFC 1918 addresses only and reach the master over private networking.
  type        = bool
  default     = false
  description = "Control whether nodes have internal IP addresses only. If enabled, all nodes are given only RFC 1918 private addresses and communicate with the master via private networking."
}

variable "disable_public_endpoint" {
  # Off by default: the master's public endpoint stays reachable. Set to true
  # to restrict the endpoint to internal addresses; otherwise constrain reach
  # with master_authorized_networks_config.
  type        = bool
  default     = false
  description = "Control whether the master's internal IP address is used as the cluster endpoint. If set to 'true', the master can only be accessed from internal IP addresses."
}

variable "master_ipv4_cidr_block" {
  # CIDR for the hosted master network; must not overlap other ranges in the VPC.
  type        = string
  default     = ""
  description = "The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning internal IP addresses to the master or set of masters, as well as the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network."
}

variable "network_project" {
  # Host project ID when the network lives in a shared VPC; empty otherwise.
  type        = string
  default     = ""
  description = "The project ID of the shared VPC's host (for shared vpc support)"
}
variable "master_authorized_networks_config" {
  # Empty list by default; each element carries a cidr_blocks list (see the
  # heredoc example). Leaving cidr_blocks out disallows external access.
  type    = list(any)
  default = []

  description = <<EOF
The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists)
### example format ###
master_authorized_networks_config = [{
cidr_blocks = [{
cidr_block = "10.0.0.0/8"
display_name = "example_network"
}],
}]
EOF
}
variable "maintenance_start_time" {
  # Daily maintenance window start; the default is a time-of-day string.
  type        = string
  default     = "05:00"
  description = "Time window specified for daily maintenance operations in RFC3339 format"
}

variable "stub_domains" {
  # domain -> resolver map for forwarding DNS queries; empty by default.
  type        = map(string)
  default     = {}
  description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
}

variable "non_masquerade_cidrs" {
  # Defaults to the three RFC 1918 ranges.
  type        = list(string)
  default     = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
  description = "List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading."
}

variable "ip_masq_resync_interval" {
  # How often the masquerade agent re-reads its ConfigMap from disk.
  type        = string
  default     = "60s"
  description = "The interval at which the agent attempts to sync its ConfigMap file from the disk."
}

variable "ip_masq_link_local" {
  # Off by default: link-local traffic (169.254.0.0/16) is not masqueraded.
  type        = bool
  default     = false
  description = "Whether to masquerade traffic to the link-local prefix (169.254.0.0/16)."
}

variable "alternative_default_service_account" {
  # null means the node VMs run as the default compute Service Account.
  # NOTE(review): a dedicated, minimally-scoped node Service Account is the
  # usual recommendation; what the module does with null is decided outside this file.
  type        = string
  default     = null
  description = "Alternative Service Account to be used by the Node VMs. If not specified, the default compute Service Account will be used. Provide if the default Service Account is no longer available."
}

variable "resource_labels" {
  # Key/value labels applied to the cluster resource; none by default.
  type        = map(any)
  default     = {}
  description = "The GCE resource labels (a map of key/value pairs) to be applied to the cluster."
}
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS - RECOMMENDED DEFAULTS
# These values shouldn't be changed; they're following the best practices defined at https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster
# ---------------------------------------------------------------------------------------------------------------------
variable "enable_legacy_abac" {
  # Off by default so RBAC, not legacy ABAC, governs authorization.
  type        = bool
  default     = false
  description = "Whether to enable legacy Attribute-Based Access Control (ABAC). RBAC has significant security advantages over ABAC."
}

variable "enable_network_policy" {
  # On by default; must be enabled on the master before nodes can use NetworkPolicy.
  type        = bool
  default     = true
  description = "Whether to enable Kubernetes NetworkPolicy on the master, which is required to be enabled to be used on Nodes."
}

variable "basic_auth_username" {
  # Empty together with basic_auth_password disables basic auth (the default).
  type        = string
  default     = ""
  description = "The username used for basic auth; set both this and `basic_auth_password` to \"\" to disable basic auth."
}

variable "basic_auth_password" {
  # Empty together with basic_auth_username disables basic auth (the default).
  # NOTE(review): Terraform >= 0.14 supports `sensitive = true` on a variable,
  # which would redact this value from plan/apply output; it is not added here
  # because nothing in this file shows the module requires 0.14 or newer.
  type        = string
  default     = ""
  description = "The password used for basic auth; set both this and `basic_auth_username` to \"\" to disable basic auth."
}

variable "enable_client_certificate_authentication" {
  # Off by default; the description notes these certificates do nothing useful
  # once ABAC is disabled.
  type        = bool
  default     = false
  description = "Whether to enable authentication by x509 certificates. With ABAC disabled, these certificates are effectively useless."
}
# See https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control#google-groups-for-gke
variable "gsuite_domain_name" {
  # null leaves Google Groups for RBAC unconfigured; a domain enables the
  # gke-security-groups@<domain> security group described below.
  type        = string
  default     = null
  description = "The domain name for use with Google security groups in Kubernetes RBAC. If a value is provided, the cluster will be initialized with security group `gke-security-groups@[yourdomain.com]`."
}

variable "secrets_encryption_kms_key" {
  # Full Cloud KMS key resource name for envelope encryption of etcd secrets;
  # null leaves application-layer secrets encryption unconfigured.
  type        = string
  default     = null
  description = "The Cloud KMS key to use for the encryption of secrets in etcd, e.g: projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"
}
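# See https://cloud.google.com/kubernetes-engine/docs/concepts/verticalpodautoscaler
variable "enable_vertical_pod_autoscaling" {
  description = "Whether to enable Vertical Pod Autoscaling"
  # Declared as bool (was string) so it matches the other enable_* flags and a
  # non-boolean value is rejected at plan time instead of being passed through.
  # Callers already supplying "true"/"false" strings still convert implicitly,
  # so the change is backward-compatible.
  type    = bool
  default = false
}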
variable "services_secondary_range_name" {
  # Secondary range on the subnetwork used for services; null by default.
  type        = string
  default     = null
  description = "The name of the secondary range within the subnetwork for the services to use"
}

variable "enable_workload_identity" {
  # Off by default.
  type        = bool
  default     = false
  description = "Enable Workload Identity on the cluster"
}

variable "identity_namespace" {
  # null falls back to the project-based namespace [project_id].svc.id.goog.
  type        = string
  default     = null
  description = "Workload Identity Namespace. Default sets project based namespace [project_id].svc.id.goog"
}

variable "release_channel" {
  # null means no release channel is selected.
  type        = string
  default     = null
  description = "(Optional) The release channel to get upgrades of your GKE clusters from"
}

variable "enable_pubsub_notification" {
  # null by default; pairs with pubsub_topic.
  type        = bool
  default     = null
  description = "Option to enable GKE pub sub notification"
}

variable "pubsub_topic" {
  # Topic that receives cluster notifications when enable_pubsub_notification is set.
  type        = string
  default     = null
  description = "Pub sub topic to publish GKE notifications "
}