diff --git a/README.md b/README.md index 6df019f..1f87842 100644 --- a/README.md +++ b/README.md @@ -36,14 +36,13 @@ No modules. |------|-------------|------|---------|:--------:| | [allowed\_ip\_ranges](#input\_allowed\_ip\_ranges) | Allowed IP ranges to connect to master | `list(string)` |
[| no | | [cluster\_generic\_node\_config](#input\_cluster\_generic\_node\_config) | Cluster Generic Node configuration |
"0.0.0.0/0"
]
object({| `{}` | no | -| [cluster\_ipv4\_cidr\_block](#input\_cluster\_ipv4\_cidr\_block) | The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Optional with cluster\_ipv4\_cidr\_block | `string` | `""` | no | | [cluster\_master\_ipv4\_cidr\_block](#input\_cluster\_master\_ipv4\_cidr\_block) | Master nodes ipv4 cidr | `string` | n/a | yes | | [cluster\_name](#input\_cluster\_name) | Name of the cluster | `string` | n/a | yes | | [cluster\_nap\_node\_config](#input\_cluster\_nap\_node\_config) | Cluster NAP Node configuration |
disk_size_gb = optional(string, "100")
disk_type = optional(string, "pd-balanced")
machine_type = optional(string, "e2-medium")
enable_secure_boot = optional(bool, true)
enable_integrity_monitoring = optional(bool, true)
auto_repair = optional(bool, true)
auto_upgrade = optional(bool, true)
node_count = optional(number, 1)
workload_metadata_config_mode = optional(string, "GKE_METADATA")
service_account = optional(string, "default")
preemptible = optional(bool, false)
spot = optional(bool, true)
})
object({| `{}` | no | -| [cluster\_network\_name](#input\_cluster\_network\_name) | Network name for the cluster | `string` | n/a | yes | +| [cluster\_network\_id](#input\_cluster\_network\_id) | Network ID for the cluster | `string` | n/a | yes | | [cluster\_networking\_mode](#input\_cluster\_networking\_mode) | Networking mode for the cluster. Values can be VPC\_NATIVE (recommended) or ROUTES. VPC\_NATIVE is default after google-beta 5.0.0 | `string` | `"VPC_NATIVE"` | no | | [cluster\_node\_locations](#input\_cluster\_node\_locations) | AZ for nodes - this should match the region | `list(string)` | n/a | yes | -| [cluster\_secondary\_range\_name](#input\_cluster\_secondary\_range\_name) | VPC Secondary range name for pods | `string` | `"notpods"` | no | +| [cluster\_secondary\_range\_name](#input\_cluster\_secondary\_range\_name) | VPC Secondary range name for pods | `string` | `""` | no | | [cluster\_subnet\_id](#input\_cluster\_subnet\_id) | Subnetwork name for the cluster. | `string` | n/a | yes | | [control\_plane\_enabled](#input\_control\_plane\_enabled) | Whether control plane is enabled or not | `bool` | `false` | no | | [control\_plane\_pool\_config](#input\_control\_plane\_pool\_config) | Control plane node pool config |
disk_size_gb = optional(string, "300")
disk_type = optional(string, "pd-balanced")
enable_secure_boot = optional(bool, true)
enable_integrity_monitoring = optional(bool, true)
autoscaling_profile = optional(string, "OPTIMIZE_UTILIZATION")
max_cpu = optional(number, 1024)
max_memory = optional(number, 8172)
auto_repair = optional(bool, true)
auto_upgrade = optional(bool, true)
max_surge = optional(number, 1)
max_unavailable = optional(number, 0)
})
object({| `{}` | no | @@ -54,8 +53,8 @@ No modules. | [oauth\_scopes](#input\_oauth\_scopes) | Oauth Scopes to attach to the cluste | `list(string)` |
disk_size_gb = optional(string, "100")
disk_type = optional(string, "pd-balanced")
machine_type = optional(string, "e2-medium")
autoscaling = optional(object({
min_node_count = optional(number, 1)
max_node_count = optional(number, 2)
location_policy = optional(string, "BALANCED")
}), {})
enable_secure_boot = optional(bool, true)
enable_integrity_monitoring = optional(bool, true)
auto_repair = optional(bool, true)
auto_upgrade = optional(bool, true)
workload_metadata_config_mode = optional(string, "GKE_METADATA")
service_account = optional(string, "default")
labels = optional(map(string), {
"class.truefoundry.io/component" = "control-plane"
})
taints = optional(object(
{
key = optional(string, "class.truefoundry.io/component")
value = optional(string, "control-plane")
effect = optional(string, "NO_SCHEDULE")
}
), {})
preemptible = optional(bool, false)
spot = optional(bool, true)
})
[| no | | [project](#input\_project) | GCP Project | `string` | n/a | yes | | [region](#input\_region) | region | `string` | n/a | yes | -| [services\_ipv4\_cidr\_block](#input\_services\_ipv4\_cidr\_block) | The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Optional with services\_secondary\_range\_name | `string` | `""` | no | | [services\_secondary\_range\_name](#input\_services\_secondary\_range\_name) | VPC Secondary range name for services | `string` | `""` | no | +| [shared\_vpc](#input\_shared\_vpc) | Flag to enable shared VPC | `bool` | `false` | no | | [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no | ## Outputs @@ -64,9 +63,7 @@ No modules. |------|-------------| | [cluster\_endpoint](#output\_cluster\_endpoint) | Endpoint for your Kubernetes API server | | [cluster\_id](#output\_cluster\_id) | The name/id of the EKS cluster. Will block on cluster creation until the cluster is really ready | -| [cluster\_ipv4\_cidr\_block](#output\_cluster\_ipv4\_cidr\_block) | IPv4 CIDR block for pods | | [cluster\_master\_version](#output\_cluster\_master\_version) | Master version for the cluster | | [cluster\_secondary\_range\_name](#output\_cluster\_secondary\_range\_name) | Cluster secondary range name for pod IPs | -| [services\_ipv4\_cidr\_block](#output\_services\_ipv4\_cidr\_block) | IPv4 CIDR block for service | | [services\_secondary\_range\_name](#output\_services\_secondary\_range\_name) | Cluster secondry range name for service IPs | \ No newline at end of file diff --git a/gke.tf b/gke.tf index f110d14..26cbdd2 100644 --- a/gke.tf +++ b/gke.tf 
@@ -12,7 +12,7 @@ resource "google_container_cluster" "cluster" {
 initial_node_count = 1
 networking_mode = var.cluster_networking_mode
 min_master_version = var.kubernetes_version
- network = var.cluster_network_name
+ network = var.cluster_network_id
 subnetwork = var.cluster_subnet_id
 enable_shielded_nodes = true
 enable_intranode_visibility = true
@@ -135,11 +135,8 @@ resource "google_container_cluster" "cluster" {
 # Configuration of cluster IP allocation for VPC-native clusters
 ip_allocation_policy {
- cluster_secondary_range_name = var.cluster_secondary_range_name != "" ? var.cluster_secondary_range_name : null
- services_secondary_range_name = var.services_secondary_range_name != "" ? var.services_secondary_range_name : null
-
- cluster_ipv4_cidr_block = var.cluster_secondary_range_name == "" ? var.cluster_ipv4_cidr_block : null
- services_ipv4_cidr_block = var.cluster_secondary_range_name == "" ? var.services_ipv4_cidr_block : null
+ cluster_secondary_range_name = var.cluster_secondary_range_name
+ services_secondary_range_name = var.services_secondary_range_name
 }
 release_channel {
@@ -256,10 +253,11 @@ resource "google_container_node_pool" "control_plane_pool" {
 # *****************************************/
 resource "google_compute_firewall" "fix_webhooks" {
 # count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0
+ count = var.shared_vpc ? 0 : 1
 name = "${var.cluster_name}-webhook"
 description = "Allow Nodes access to Control Plane"
 project = var.project
- network = var.cluster_network_name
+ network = var.cluster_network_id
 priority = 1000
 direction = "INGRESS"
diff --git a/output.tf b/output.tf
index 251e760..1993ab6 100644
--- a/output.tf
+++ b/output.tf
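Review bot: The new `ip_allocation_policy` block passes `var.cluster_secondary_range_name` and `var.services_secondary_range_name` straight through, whereas the removed lines normalized an empty string to `null`; since the default for both variables is now `""` (see the variables.tf hunk), the API receives empty range names rather than unset attributes. Whether the provider treats `""` as unset here is not visible from the hunk, so I would keep the guard — `cluster_secondary_range_name = var.cluster_secondary_range_name != "" ? var.cluster_secondary_range_name : null` and the equivalent line for services — or add a `validation` block that requires both names when `cluster_networking_mode` is VPC_NATIVE. With the cidr-block inputs gone, an operator can no longer pin pod/service ranges explicitly when the names are empty, so a comment on the block stating that empty names delegate range allocation to GKE would help. The enclosing `google_container_cluster` resource starts and ends outside the hunk.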
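Review bot: Adding `count = var.shared_vpc ? 0 : 1` to `google_compute_firewall.fix_webhooks` changes its state address to `google_compute_firewall.fix_webhooks[0]` for every existing non-shared-VPC deployment, so the next apply will most likely destroy and recreate the webhook firewall rule, with a window where control-plane-to-node webhook traffic is blocked. Add a `moved { from = google_compute_firewall.fix_webhooks  to = google_compute_firewall.fix_webhooks[0] }` block next to the resource so state is migrated in place. When `shared_vpc` is true the rule is skipped entirely, and nothing in the hunk tells the operator that an equivalent ingress rule must exist in the host project's network; a comment on the `count` line such as `# Shared VPC: firewall rules belong to the host project; the caller must provision the equivalent webhook rule there` would make that explicit. The rule's source ranges and allowed ports are outside the hunk.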
@@ -22,15 +22,8 @@ output "cluster_secondary_range_name" {
 description = "Cluster secondary range name for pod IPs"
 value = var.cluster_secondary_range_name
 }
+
 output "services_secondary_range_name" {
 description = "Cluster secondry range name for service IPs"
 value = var.services_secondary_range_name
-}
-output "cluster_ipv4_cidr_block" {
- description = "IPv4 CIDR block for pods"
- value = var.cluster_ipv4_cidr_block
-}
-output "services_ipv4_cidr_block" {
- description = "IPv4 CIDR block for service"
- value = var.services_ipv4_cidr_block
 }
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index f25e410..35cfb92 100644
--- a/variables.tf
+++ b/variables.tf
@@ -137,8 +137,14 @@ variable "control_plane_pool_config" {
 # Network
 ################################################################################
-variable "cluster_network_name" {
- description = "Network name for the cluster"
+variable "shared_vpc" {
+ description = "Flag to enable shared VPC"
+ type = bool
+ default = false
+}
+
+variable "cluster_network_id" {
+ description = "Network ID for the cluster"
 type = string
 }
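Review bot: The description of the new `cluster_network_id` variable, `"Network ID for the cluster"`, does not say which form is accepted, yet the value is passed to both `google_container_cluster.network` and `google_compute_firewall.network` in gke.tf; for a network owned by a shared-VPC host project a project-qualified self link or full resource id is required, because a bare name is resolved relative to `var.project`. Suggest `description = "Network self link or full resource id (projects/<host-project>/global/networks/<name>) for the cluster; a bare name only resolves within var.project"`. Likewise the `shared_vpc` description `"Flag to enable shared VPC"` should state its one effect visible in this commit — it disables creation of the module's webhook firewall rule — so callers know they must provide that rule in the host project themselves.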
@@ -159,29 +165,17 @@ variable "cluster_master_ipv4_cidr_block" {
 }
 variable "cluster_secondary_range_name" {
- default = "notpods"
+ default = ""
 type = string
 description = "VPC Secondary range name for pods"
 }
-variable "cluster_ipv4_cidr_block" {
- description = "The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Optional with cluster_ipv4_cidr_block"
- type = string
- default = ""
-}
-
 variable "services_secondary_range_name" {
 default = ""
 type = string
 description = "VPC Secondary range name for services"
 }
-variable "services_ipv4_cidr_block" {
- default = ""
- description = "The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Optional with services_secondary_range_name"
- type = string
-}
-
 variable "allowed_ip_ranges" {
 description = "Allowed IP ranges to connect to master"
 default = ["0.0.0.0/0"]
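Review bot: Changing the default of `cluster_secondary_range_name` from `"notpods"` to `""` while keeping the description `"VPC Secondary range name for pods"` leaves the meaning of the empty value undocumented, and with `cluster_ipv4_cidr_block` removed in the same hunk there is no longer an input to name a range explicitly when this is empty. Suggest `description = "Name of an existing secondary range in the subnet for pod IPs; leave empty to let GKE allocate a range (only valid for VPC_NATIVE clusters)"`, with matching wording on `services_secondary_range_name`. The `allowed_ip_ranges` default of `["0.0.0.0/0"]` in the trailing context is not changed by this commit, but it leaves the master endpoint reachable from any source address and deserves a follow-up to require callers to set it.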
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring",
"https://www.googleapis.com/auth/service.management.readonly",
"https://www.googleapis.com/auth/servicecontrol",
"https://www.googleapis.com/auth/trace.append"
]