This module creates a workstation cluster together with its associated workstation configs and workstations. It can also set up IAM bindings on the workstation configs and on the workstations.
Simple example showing how to create a cluster with publicly accessible workstations using the default base image.
# Minimal cluster: a single workstation config holding a single workstation.
# private_cluster_config is not set, which this page describes as the publicly
# accessible variant. No IAM is granted in this example, so who may use the
# workstation has to be decided separately (see the IAM example on this page).
module "workstation-cluster" {
  source     = "./fabric/modules/workstation-cluster"
  project_id = var.project_id
  id         = "my-workstation-cluster"
  location   = var.region

  # VPC network and subnetwork the cluster is attached to.
  network_config = {
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
  }

  # Outer map is keyed by workstation config name, inner map by workstation name.
  workstation_configs = {
    my-workstation-config = {
      workstations = {
        my-workstation = {
          labels = {
            team = "my-team"
          }
        }
      }
    }
  }
}
# tftest modules=1 resources=3 inventory=simple.yaml
Example showing how to create a cluster with a privately accessible workstation using the default base image.
# Same layout as the simple example, but with the cluster endpoint made private.
module "workstation-cluster" {
  source     = "./fabric/modules/workstation-cluster"
  project_id = var.project_id
  id         = "my-workstation-cluster"
  location   = var.region

  # VPC network and subnetwork the cluster is attached to.
  network_config = {
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
  }

  # Turns on the private endpoint, so workstations are reached over private
  # connectivity instead of a public address.
  # NOTE(review): the module's service_attachment_uri output is presumably what
  # a consumer-side private endpoint is pointed at; confirm against the module.
  private_cluster_config = {
    enable_private_endpoint = true
  }

  # Outer map is keyed by workstation config name, inner map by workstation name.
  workstation_configs = {
    my-workstation-config = {
      workstations = {
        my-workstation = {
          labels = {
            team = "my-team"
          }
        }
      }
    }
  }
}
# tftest modules=1 resources=3 inventory=private-cluster.yaml
Example showing how to create a cluster with publicly accessible workstations that run a custom image.
# Public cluster whose workstation config runs a custom container image instead
# of the default base image.
module "workstation-cluster" {
  source     = "./fabric/modules/workstation-cluster"
  project_id = var.project_id
  id         = "my-workstation-cluster"
  location   = var.region

  # VPC network and subnetwork the cluster is attached to.
  network_config = {
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
  }

  workstation_configs = {
    my-workstation-config = {
      container = {
        # The image is referenced by tag. A tag can be repointed in the
        # registry, so a digest reference (repo/my-image@sha256:<digest>) is
        # the way to pin exactly what the workstation runs.
        image = "repo/my-image:v10.0.0"
        args  = ["--arg1", "value1", "--arg2", "value2"]

        # These values are written as plain text into the Terraform
        # configuration and state, so keep credentials and tokens out of this map.
        env = {
          VAR1 = "VALUE1"
          VAR2 = "VALUE2"
        }

        working_dir = "/my-dir"
      }

      workstations = {
        my-workstation = {
          labels = {
            team = "my-team"
          }
        }
      }
    }
  }
}
# tftest modules=1 resources=3 inventory=custom-image.yaml
Example showing how to grant IAM roles on the workstation configuration or workstation.
# IAM granted at two levels: on one workstation, and on the workstation config
# that contains it. Three binding styles are shown on the config.
module "workstation-cluster" {
  source     = "./fabric/modules/workstation-cluster"
  project_id = var.project_id
  id         = "my-workstation-cluster"
  location   = var.region

  # VPC network and subnetwork the cluster is attached to.
  network_config = {
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
  }

  workstation_configs = {
    my-workstation-config = {
      workstations = {
        my-workstation = {
          labels = {
            team = "my-team"
          }

          # Workstation-level grant: role => list of members. Scoping the user
          # role to a single workstation limits it to that one resource.
          iam = {
            "roles/workstations.user" = ["user:user1@my-org.com"]
          }
        }
      }

      # Config-level grant: role => list of members.
      # NOTE(review): in Fabric modules `iam` is normally authoritative for
      # each listed role (members granted outside Terraform are removed);
      # confirm in the module's IAM code.
      # roles/viewer is a basic role and much broader than a service-specific
      # one; prefer a narrower predefined role outside of examples.
      iam = {
        "roles/viewer" = ["group:group1@my-org.com"]
      }

      # Keyed bindings (role plus member list) that can carry an IAM condition.
      iam_bindings = {
        workstations-config-viewer = {
          role    = "roles/viewer"
          members = ["group:group2@my-org.com"]
          # NOTE(review): in IAM Conditions resource.name is normally the full
          # resource path rather than the short ID, so a bare 'my-' prefix may
          # never match. Check the expression against real resource names
          # before relying on it as an access boundary.
          condition = {
            title      = "limited-access"
            expression = "resource.name.startsWith('my-')"
          }
        }
      }

      # One member per entry. The name suggests these are added next to
      # existing bindings rather than replacing them; confirm in the module.
      # roles/editor is a basic role with write access; same caution as above.
      iam_bindings_additive = {
        workstations-config-editor = {
          role   = "roles/editor"
          member = "group:group3@my-org.com"
          # Same illustrative expression as above; the same check applies.
          condition = {
            title      = "limited-access"
            expression = "resource.name.startsWith('my-')"
          }
        }
      }
    }
  }
}
# tftest modules=1 resources=7 inventory=iam.yaml
| name | description | type | required | default |
|---|---|---|---|---|
| id | Workstation cluster ID. | string | ✓ | |
| network_config | Network configuration. | object({…}) | ✓ | |
| project_id | Cluster ID. | string | ✓ | |
| workstation_configs | Workstation configurations. | map(object({…})) | ✓ | |
| annotations | Workstation cluster annotations. | map(string) | | {} |
| display_name | Display name. | string | | null |
| domain | Domain. | string | | null |
| labels | Workstation cluster labels. | map(string) | | {} |
| location | Location. | string | | null |
| private_cluster_config | Private cluster config. | object({…}) | | {} |

| name | description | sensitive |
|---|---|---|
| cluster_hostname | Cluster hostname. | |
| id | Workstation cluster id. | |
| service_attachment_uri | Workstation service attachment URI. | |
| workstation_configs | Workstation configurations. | |
| workstations | Workstations. | |