This folder contains a Terraform module to deploy a kubernetes cluster in GCP. The cluster contains a core-node-pool and an user-node-pool. The cluster is configured to schedule user pods into the user pool. This cluster type is used by JupyterHub and Renku projects
This module depends on you having GCP credentials of some kind. The module looks for a credential file in JSON format. You should export the following:
GOOGLE_APPLICATION_CREDENTIALS=/path/to/file.json
This repository defines a Terraform module, which you can use in your
code by adding a module
configuration and setting its source
parameter to URL of this repository. See the tests folder for guidance
Name | Version |
---|---|
terraform | >= 1.10.0 |
6.15.0 | |
google-beta | 6.15.0 |
No providers.
Name | Source | Version |
---|---|---|
gke | terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster | 34.0.0 |
No resources.
Name | Description | Type | Default | Required |
---|---|---|---|---|
cluster_name | Name of cluster | string |
"default" |
no |
core_pool_auto_repair | Enable auto-repair of core-component pool | bool |
true |
no |
core_pool_auto_upgrade | Enable auto-upgrade of core-component pool | bool |
true |
no |
core_pool_disk_size_gb | Size of disk for core-component pool | number |
100 |
no |
core_pool_disk_type | Type of disk core-component pool | string |
"pd-standard" |
no |
core_pool_image_type | Type of image core-component pool | string |
"COS_CONTAINERD" |
no |
core_pool_initial_node_count | Number of initial nodes in core-component pool | number |
1 |
no |
core_pool_local_ssd_count | Number of SSDs core-component pool | number |
0 |
no |
core_pool_machine_type | Machine type for the core-component pool | string |
"n1-highmem-4" |
no |
core_pool_max_count | Maximum number of nodes in the core-component pool | number |
3 |
no |
core_pool_min_count | Minimum number of nodes in the core-component pool | number |
1 |
no |
core_pool_name | Name for the core-component pool | string |
"core-pool" |
no |
core_pool_preemptible | Make core-component pool preemptible | bool |
false |
no |
create_service_account | Defines if service account specified to run nodes should be created. | bool |
false |
no |
deletion_protection | Enable deletion protection for the cluster | bool |
false |
no |
enable_private_nodes | (Beta) Whether nodes have internal IP addresses only | bool |
true |
no |
gce_pd_csi_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | bool |
true |
no |
horizontal_pod_autoscaling | Enable horizontal pod autoscaling addon | bool |
true |
no |
http_load_balancing | Enable http load balancer add-on | bool |
false |
no |
ip_range_pods | The range name for pods | string |
"kubernetes-pods" |
no |
ip_range_services | The range name for services | string |
"kubernetes-services" |
no |
kubernetes_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | string |
"latest" |
no |
logging_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | string |
"logging.googleapis.com/kubernetes" |
no |
maintenance_start_time | Time window specified for daily maintenance operations in RFC3339 format | string |
"03:00" |
no |
master_ipv4_cidr_block | (Beta) The IP range in CIDR notation to use for the hosted master network | string |
"172.16.0.0/28" |
no |
monitoring_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | string |
"monitoring.googleapis.com/kubernetes" |
no |
network | The VPC network to host the cluster in. | string |
"kubernetes-vpc" |
no |
network_policy | Enable network policy addon | bool |
true |
no |
node_zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | list(string) |
[ |
no |
project_id | The project ID to host the cluster in | string |
n/a | yes |
region | The region to host the cluster in | string |
n/a | yes |
regional | Whether the master node should be regional or zonal | bool |
true |
no |
release_channel | The release channel of this cluster. Accepted values are UNSPECIFIED , RAPID , REGULAR and STABLE . Defaults to REGULAR . |
string |
"REGULAR" |
no |
remove_default_node_pool | Remove default node pool while setting up the cluster | bool |
false |
no |
service_account_email | Email of service account | string |
n/a | yes |
subnetwork | The subnetwork to host the cluster in | string |
"kubernetes-subnet" |
no |
user_pool_auto_repair | Enable auto-repair of user pool | bool |
true |
no |
user_pool_auto_upgrade | Enable auto-upgrade of user pool | bool |
true |
no |
user_pool_disk_size_gb | Size of disk for user pool | number |
100 |
no |
user_pool_disk_type | Type of disk user pool | string |
"pd-standard" |
no |
user_pool_image_type | Type of image user pool | string |
"COS_CONTAINERD" |
no |
user_pool_initial_node_count | Number of initial nodes in user pool | number |
1 |
no |
user_pool_local_ssd_count | Number of SSDs user pool | number |
0 |
no |
user_pool_machine_type | Machine type for the user pool | string |
"n1-highmem-4" |
no |
user_pool_max_count | Maximum number of nodes in the user pool | number |
20 |
no |
user_pool_min_count | Minimum number of nodes in the user pool | number |
1 |
no |
user_pool_name | Name for the user pool | string |
"user-pool" |
no |
user_pool_preemptible | Make user pool preemptible | bool |
false |
no |
Name | Description |
---|---|
cluster_name | Cluster name |
horizontal_pod_autoscaling_enabled | Whether the cluster enables horizontal pod autoscaling |
http_load_balancing_enabled | Whether the cluster enables HTTP load balancing |
location | The location (region or zone) in which the cluster master will be created |
node_pools_names | List of node pools names |
region | n/a |
service_account | The service account to default running nodes as if not overridden in node_pools . |
zones | List of zones in which the cluster resides |
Use GitLab Flow.
- Create feature branches for features and fixes from default branch
- Merge only from PR with review
- After merging to default branch a release is drafted using a github action. Check the draft and publish if you and tests are happy
We recommend using asdf to manage your versions of Terrafom.
brew install asdf
You can also install the latest version of terraform version via brew.
brew tap hashicorp/tap
brew install hashicorp/tap/terraform
You should make sure that pre-commit hooks are installed to run the formater, linter, etc. Install and configure terraform pre-commit hooks as follows:
Install dependencies
brew bundle install
Install the pre-commit hook globally
DIR=~/.git-template
git config --global init.templateDir ${DIR}
pre-commit init-templatedir -t pre-commit ${DIR}
To run the hooks specified in .pre-commit-config.yaml
:
pre-commit run -a
This is only needed if running tests locally. The google-cloud-sdk is included in the Brewfile so it should now be installed
This repo includes a env.sh
file that where you set the path to the google credentials file, then use
source env.sh
and
deactivate
to set and uset the GOOGLE_APPLICATION_CREDENTIALS
variable.
The tests can be run locally with terraform test
after running terraform init
. You will need to supply org_id
, folder_id
, and billing_account
variables through terraform.tfvars
file. Please see terraform.tfvars.example
file for an example.
This project has three workflows enabled:
-
PR labeler: When opening a PR to default branch, a label is given assigned automatically according to the name of your feature branch. The labeler follows the follows rules in pr-labeler.yml
-
Release Drafter: When merging to master, a release is drafted using the Release-Drafter Action
-
terraform test
runs on PR, merge to main and releases.