diff --git a/README.md b/README.md
index 3b7efdc..34b0d66 100644
--- a/README.md
+++ b/README.md
@@ -7,15 +7,15 @@ Truefoundry Google Cloud Cluster Classic Module
 | Name | Version |
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 1.4 |
-| [google](#requirement\_google) | 5.10.0 |
-| [google-beta](#requirement\_google-beta) | 5.10.0 |
+| [google](#requirement\_google) | 5.18.0 |
+| [google-beta](#requirement\_google-beta) | 5.18.0 |
 ## Providers
 | Name | Version |
 |------|---------|
-| [google](#provider\_google) | 5.10.0 |
-| [google-beta](#provider\_google-beta) | 5.10.0 |
+| [google](#provider\_google) | 5.18.0 |
+| [google-beta](#provider\_google-beta) | 5.18.0 |
 ## Modules
@@ -25,16 +25,17 @@ No modules. | Name | Type | |------|------| -| [google-beta_google_container_cluster.cluster](https://registry.terraform.io/providers/hashicorp/google-beta/5.10.0/docs/resources/google_container_cluster) | resource | -| [google_compute_firewall.fix_webhooks](https://registry.terraform.io/providers/hashicorp/google/5.10.0/docs/resources/compute_firewall) | resource | -| [google_container_node_pool.generic](https://registry.terraform.io/providers/hashicorp/google/5.10.0/docs/resources/container_node_pool) | resource | +| [google-beta_google_container_cluster.cluster](https://registry.terraform.io/providers/hashicorp/google-beta/5.18.0/docs/resources/google_container_cluster) | resource | +| [google_compute_firewall.fix_webhooks](https://registry.terraform.io/providers/hashicorp/google/5.18.0/docs/resources/compute_firewall) | resource | +| [google_container_node_pool.control_plane_pool](https://registry.terraform.io/providers/hashicorp/google/5.18.0/docs/resources/container_node_pool) | resource | +| [google_container_node_pool.generic](https://registry.terraform.io/providers/hashicorp/google/5.18.0/docs/resources/container_node_pool) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [allowed\_ip\_ranges](#input\_allowed\_ip\_ranges) | Allowed IP ranges to connect to master | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [cluster\_generic\_node\_config](#input\_cluster\_generic\_node\_config) | Cluster Generic Node configuration |
object({
disk_size_gb = optional(string, "100")
disk_type = optional(string, "pd-balanced")
machine_type = optional(string, "e2-medium")
enable_secure_boot = optional(bool, true)
enable_integrity_monitoring = optional(bool, true)
auto_repair = optional(bool, true)
auto_upgrade = optional(bool, true)
node_count = optional(number, 1)
workload_metadata_config_mode = optional(string, "GKE_METADATA")
service_account = optional(string, "default")
preemptible = optional(bool, false)
spot = optional(bool, false)
})
| `{}` | no | +| [cluster\_generic\_node\_config](#input\_cluster\_generic\_node\_config) | Cluster Generic Node configuration |
object({
disk_size_gb = optional(string, "100")
disk_type = optional(string, "pd-balanced")
machine_type = optional(string, "e2-medium")
enable_secure_boot = optional(bool, true)
enable_integrity_monitoring = optional(bool, true)
auto_repair = optional(bool, true)
auto_upgrade = optional(bool, true)
node_count = optional(number, 1)
workload_metadata_config_mode = optional(string, "GKE_METADATA")
service_account = optional(string, "default")
preemptible = optional(bool, false)
spot = optional(bool, true)
})
| `{}` | no | | [cluster\_ipv4\_cidr\_block](#input\_cluster\_ipv4\_cidr\_block) | The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Optional with cluster\_ipv4\_cidr\_block | `string` | `""` | no | | [cluster\_master\_ipv4\_cidr\_block](#input\_cluster\_master\_ipv4\_cidr\_block) | Master nodes ipv4 cidr | `string` | n/a | yes | | [cluster\_name](#input\_cluster\_name) | Name of the cluster | `string` | n/a | yes | @@ -44,9 +45,11 @@ No modules. | [cluster\_node\_locations](#input\_cluster\_node\_locations) | AZ for nodes - this should match the region | `list(string)` | n/a | yes | | [cluster\_secondary\_range\_name](#input\_cluster\_secondary\_range\_name) | VPC Secondary range name for pods | `string` | `"notpods"` | no | | [cluster\_subnet\_id](#input\_cluster\_subnet\_id) | Subnetwork name for the cluster. | `string` | n/a | yes | +| [control\_plane\_enabled](#input\_control\_plane\_enabled) | Whether control plane is enabled or not | `bool` | `false` | no | +| [control\_plane\_pool\_config](#input\_control\_plane\_pool\_config) | Control plane node pool config |
object({
disk_size_gb = optional(string, "100")
disk_type = optional(string, "pd-balanced")
machine_type = optional(string, "e2-medium")
autoscaling = optional(object({
min_node_count = optional(number, 1)
max_node_count = optional(number, 2)
location_policy = optional(string, "BALANCED")
}), {})
enable_secure_boot = optional(bool, true)
enable_integrity_monitoring = optional(bool, true)
auto_repair = optional(bool, true)
auto_upgrade = optional(bool, true)
workload_metadata_config_mode = optional(string, "GKE_METADATA")
service_account = optional(string, "default")
labels = optional(map(string), {
"class.truefoundry.io/component" = "control-plane"
})
taints = optional(object(
{
key = optional(string, "class.truefoundry.io/component")
value = optional(string, "control-plane")
effect = optional(string, "NO_SCHEDULE")
}
), {})
preemptible = optional(bool, false)
spot = optional(bool, true)
})
| `{}` | no | | [deletion\_protection](#input\_deletion\_protection) | Deletion protection enabled/disabled | `bool` | `false` | no | | [enable\_container\_image\_streaming](#input\_enable\_container\_image\_streaming) | Enable/disable container image streaming | `bool` | `true` | no | -| [kubernetes\_version](#input\_kubernetes\_version) | Version of GKE | `string` | `"1.27"` | no | +| [kubernetes\_version](#input\_kubernetes\_version) | Version of GKE | `string` | `"1.28"` | no | | [max\_pods\_per\_node](#input\_max\_pods\_per\_node) | Maximum pods per node | `string` | `"32"` | no | | [oauth\_scopes](#input\_oauth\_scopes) | Oauth Scopes to attach to the cluste | `list(string)` |
[
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring.write"
]
| no | | [project](#input\_project) | GCP Project | `string` | n/a | yes |
diff --git a/gke.tf b/gke.tf
index 02b0cdd..68a433d 100644
--- a/gke.tf
+++ b/gke.tf
@@ -160,6 +160,10 @@ resource "google_container_cluster" "cluster" {
 # Customizable node pool
 # See: https://registry.terraform.io/providers/hashicorp/google/4.1.0/docs/resources/container_node_pool
+
+##########################################################################################
+## Generic node pool
+##########################################################################################
 resource "google_container_node_pool" "generic" {
 name = "generic"
 cluster = google_container_cluster.cluster.id
@@ -196,6 +200,56 @@ resource "google_container_node_pool" "generic" {
 }
 }
+##########################################################################################
+## Control plane node pool
+##########################################################################################
+resource "google_container_node_pool" "control_plane_pool" {
+ count = var.control_plane_enabled ? 1 : 0
+ name = "control-plane"
+ cluster = google_container_cluster.cluster.id
+ location = var.region
+ node_locations = var.cluster_node_locations
+ management {
+ auto_repair = var.control_plane_pool_config.auto_repair
+ auto_upgrade = var.control_plane_pool_config.auto_upgrade
+ }
+ autoscaling {
+ min_node_count = var.control_plane_pool_config.autoscaling.min_node_count
+ max_node_count = var.control_plane_pool_config.autoscaling.max_node_count
+ location_policy = var.control_plane_pool_config.autoscaling.location_policy
+ }
+ node_config {
+ disk_size_gb = var.control_plane_pool_config.disk_size_gb
+ disk_type = var.control_plane_pool_config.disk_type
+ gcfs_config {
+ enabled = var.enable_container_image_streaming
+ }
+ labels = var.control_plane_pool_config.labels
+ taint {
+ key = var.control_plane_pool_config.taints.key
+ value = var.control_plane_pool_config.taints.value
+ effect = var.control_plane_pool_config.taints.effect
+ }
+ resource_labels = local.control_plane_tags
+ machine_type = var.control_plane_pool_config.machine_type
+ shielded_instance_config {
+ enable_secure_boot = var.control_plane_pool_config.enable_secure_boot
+ enable_integrity_monitoring = var.control_plane_pool_config.enable_integrity_monitoring
+ }
+ workload_metadata_config {
+ mode = var.control_plane_pool_config.workload_metadata_config_mode
+ }
+ oauth_scopes = var.oauth_scopes
+ preemptible = var.control_plane_pool_config.preemptible
+ spot = var.control_plane_pool_config.spot
+ service_account = var.control_plane_pool_config.service_account
+
+ tags = ["tfy-control-plane"]
+
+ }
+}
+
+
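Review bot: The new `control_plane_pool` runs its nodes as `var.control_plane_pool_config.service_account`, whose declared default is the literal `"default"` (the Compute Engine default service account), and pairs it with `oauth_scopes = var.oauth_scopes`, whose documented default includes `cloud-platform`; on projects where that account still carries the legacy Editor role, the node credential of the pool that hosts the control plane is effectively project-wide. Workload Identity (`GKE_METADATA`) hides that credential from ordinary pods, but it is still what the kubelet and any hostNetwork or privileged workload scheduled onto these nodes can reach through the metadata server. Consider making a dedicated least-privilege node service account the default, or at least state in the variable description that `"default"` is not suitable for production control planes. Separately, `spot = var.control_plane_pool_config.spot` defaults to true for a pool that is tainted and labelled as the control plane; spot VMs are reclaimable on short notice, so a comment such as `# NOTE: spot nodes can be reclaimed at any time; set spot = false for production control planes` would at least make the trade-off visible to callers.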
/******************************************
 CRD are broken in GKE
 https://github.com/kubernetes/kubernetes/issues/79739
diff --git a/locals.tf b/locals.tf
index 8054e41..2a16010 100644
--- a/locals.tf
+++ b/locals.tf
@@ -3,7 +3,18 @@ locals {
 "terraform-module" = "truefoundry-cluster-classic"
 "terraform" = "true"
 "cluster-name" = var.cluster_name
+ "truefoundry" = "managed"
 },
 var.tags
 )
+ generic_tags = merge({
+ node_usage = "generic"
+ },
+ local.tags
+ )
+ control_plane_tags = merge({
+ node_usage = "tfy-control-plane"
+ },
+ local.tags
+ )
 }
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 6be83b4..baab37b 100644
--- a/variables.tf
+++ b/variables.tf
@@ -19,6 +19,7 @@ variable "max_pods_per_node" {
 default = "32"
 type = string
 }
+
 variable "cluster_generic_node_config" {
 description = "Cluster Generic Node configuration"
 type = object({
@@ -33,7 +34,7 @@ variable "cluster_generic_node_config" {
 workload_metadata_config_mode = optional(string, "GKE_METADATA")
 service_account = optional(string, "default")
 preemptible = optional(bool, false)
- spot = optional(bool, false)
+ spot = optional(bool, true)
 })
 default = {
@@ -79,7 +80,7 @@ variable "oauth_scopes" {
 variable "kubernetes_version" {
 description = "Version of GKE"
- default = "1.27"
+ default = "1.28"
 type = string
 }
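Review bot: In the `cluster_generic_node_config` hunk, flipping the default of `spot` from `false` to `true` silently changes behaviour for every existing caller that left the field unset, and since `node_config.spot` is, as far as I recall, a force-new attribute on `google_container_node_pool`, their next plan would replace the generic pool rather than update it in place. Spot nodes are also reclaimed on short notice, so this is an availability regression for whatever currently runs on the generic pool by default. If the cheaper default is intentional, the compatible option is to keep `spot = optional(bool, false)` and let callers opt in; otherwise the variable description should say that spot is now the default and that changing it recreates the pool. The enclosing `variable "cluster_generic_node_config"` block starts and ends outside this hunk.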
@@ -89,6 +90,46 @@ variable "deletion_protection" {
 type = bool
 }
+variable "control_plane_enabled" {
+ description = "Whether control plane is enabled or not"
+ default = false
+ type = bool
+}
+
+variable "control_plane_pool_config" {
+ description = "Control plane node pool config"
+ type = object({
+ disk_size_gb = optional(string, "100")
+ disk_type = optional(string, "pd-balanced")
+ machine_type = optional(string, "e2-medium")
+ autoscaling = optional(object({
+ min_node_count = optional(number, 1)
+ max_node_count = optional(number, 2)
+ location_policy = optional(string, "BALANCED")
+ }), {})
+ enable_secure_boot = optional(bool, true)
+ enable_integrity_monitoring = optional(bool, true)
+ auto_repair = optional(bool, true)
+ auto_upgrade = optional(bool, true)
+ workload_metadata_config_mode = optional(string, "GKE_METADATA")
+ service_account = optional(string, "default")
+ labels = optional(map(string), {
+ "class.truefoundry.io/component" = "control-plane"
+ })
+ taints = optional(object(
+ {
+ key = optional(string, "class.truefoundry.io/component")
+ value = optional(string, "control-plane")
+ effect = optional(string, "NO_SCHEDULE")
+ }
+ ), {})
+ preemptible = optional(bool, false)
+ spot = optional(bool, true)
+ })
+ default = {
+
+ }
+}
 ################################################################################
 # Network
 ################################################################################
@@ -97,6 +138,7 @@ variable "cluster_network_name" {
 description = "Network name for the cluster"
 type = string
 }
+
 variable "cluster_subnet_id" {
 description = "Subnetwork name for the cluster."
 type = string
@@ -147,7 +189,6 @@ variable "allowed_ip_ranges" {
 # Generic
 ################################################################################
-
 variable "tags" {
 description = "A map of tags to add to all resources"
 type = map(string)
diff --git a/versions.tf b/versions.tf
index 8b7aff3..34df9ad 100644
--- a/versions.tf
+++ b/versions.tf
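Review bot: `control_plane_pool_config` exposes both `preemptible` and `spot` with no validation, and the two are, as far as I know, mutually exclusive on a GKE node pool, so a caller who sets `preemptible = true` while leaving the new `spot = optional(bool, true)` default in place only finds out at apply time. A `validation` block on the variable turns that into a plan-time error with a clear message. The `taints` attribute is also a single object despite its plural name, and `gke.tf` consumes it as exactly one `taint` block; either renaming it to `taint` or making it a `list(object(...))` would avoid surprising callers, and the variable's description could say which shape is meant. The `default = {` block at the end of the hunk is fine as written, just noting the validation goes before it.

```hcl
variable "control_plane_pool_config" {
  # … unchanged: description and object type …
  validation {
    condition     = !(var.control_plane_pool_config.preemptible && var.control_plane_pool_config.spot)
    error_message = "control_plane_pool_config: preemptible and spot are mutually exclusive; set at most one of them to true."
  }
  # … unchanged: default …
}
```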
@@ -3,11 +3,11 @@ terraform {
 required_providers {
 google-beta = {
 source = "hashicorp/google-beta"
- version = "5.10.0"
+ version = "5.18.0"
 }
 google = {
 source = "hashicorp/google"
- version = "5.10.0"
+ version = "5.18.0"
 }
 }
 }
\ No newline at end of file